
Your clients trust you with their most sensitive information, but cybercriminals are working overtime to get it.
In this issue, we unpack the latest surge in leaked attorney credentials, share password and MFA best practices for lawyers on the go, and reveal why static cyber incident plans can leave your firm dangerously exposed.
Cross-Border Data Transfers in Litigation – Navigating GDPR, UK Privacy Laws, and U.S. Compliance
When litigation involves parties, witnesses, or evidence outside the U.S., cross-border data transfers can quickly become a legal minefield.
For law firms, the challenge lies in meeting U.S. discovery obligations while also complying with strict privacy regulations like the EU’s General Data Protection Regulation (GDPR) and the UK Data Protection Act (DPA 2018).
The Core Conflict: Privacy vs. Discovery
U.S. litigation often requires broad disclosure of evidence, including documents, emails, and personal data.
But under GDPR and UK privacy laws, transferring personal data, especially sensitive information, outside their jurisdictions requires specific legal safeguards. Without them, you risk significant fines and reputational damage.
For example, GDPR prohibits sending personal data to countries lacking “adequate” privacy protections unless additional safeguards are in place. The U.S. currently does not have blanket adequacy status, meaning law firms must rely on approved mechanisms like:
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules (BCRs)
- The EU–U.S. Data Privacy Framework (for eligible transfers)
Special Risks in Litigation
In discovery, personal data may include employee records, client details, financial data, or communications containing sensitive identifiers. Without proper safeguards, even routine email exports could trigger regulatory scrutiny.
On top of that, GDPR includes data minimization and purpose limitation principles, meaning you can’t simply “transfer everything” and sort it out later, which is a common approach in U.S. litigation. Instead, law firms must carefully filter and review data before transfer.
Steps for Compliance
- Map the Data – Identify what personal data you hold, where it’s stored, and whether it falls under GDPR or the UK DPA. Consider using DLP (data loss prevention) and FIP tooling for this purpose.
- Assess Legal Basis – Ensure the transfer is necessary for litigation and supported by an appropriate legal mechanism.
- Implement Safeguards – Use encryption, access controls, and contractual clauses to limit misuse or unauthorized disclosure.
- Document Your Process – Regulators expect evidence of compliance steps if questioned.
- Work with Local Counsel – Coordinate with attorneys in the relevant jurisdiction to avoid conflicts with local privacy laws.
Why It Matters for Law Firms
The penalties are steep. GDPR fines can reach €20 million or 4% of global turnover, whichever is higher. Beyond fines, mishandling cross-border data can erode client trust and jeopardize your case.
As you can see, cybersecurity and privacy compliance are inseparable. Law firms that integrate data protection into their litigation strategy will not only avoid costly mistakes but also strengthen their reputation as trusted advisors.
Password & MFA Best Practices for Attorneys on the Go
Attorneys often work beyond the office, from courtrooms to client meetings and even airport lounges. While mobility is essential, it also introduces unique cybersecurity risks, especially when it comes to passwords and multi-factor authentication (MFA).
For law firms, the challenge is maintaining both security and compliance without slowing down daily work.
Why Mobile Attorneys Are a Target
When you’re on the move, you’re more likely to use public Wi-Fi or personal devices, or to log in from unfamiliar networks. Cybercriminals know this, making traveling attorneys prime targets for phishing, credential theft, and account takeover attacks.
Password Best Practices
- Use Strong, Unique Passwords – Avoid reusing passwords across accounts. Each account should have a 12–16 character password with letters, numbers, and symbols.
- Leverage a Password Manager – These tools generate and store complex passwords securely, eliminating the need to remember them all.
- Change Compromised Passwords Quickly – If you suspect a breach, act immediately.
MFA – Your Second Layer of Defense
Multi-factor authentication adds a critical barrier even if your password is stolen. But not all MFA methods are equal.
- Best Option: Hardware security keys (e.g., YubiKey), which are immune to phishing attacks.
- Good Option: Authenticator apps (e.g., Microsoft Authenticator, Google Authenticator). These are more secure than SMS codes.
- Avoid When Possible: SMS-based MFA. It is still better than nothing, but it is vulnerable to SIM swapping.
Balancing Security and Usability
Attorneys can feel burdened by extra logins, but skipping MFA or using weak passwords is a bigger risk, especially when handling privileged client data.
To make it easier:
- Enable biometric logins (fingerprint, face ID) on secure devices.
- Set up trusted device lists for your MFA system to reduce constant prompts.
- Keep offline backup codes stored securely in case your MFA device is lost while traveling.
Compliance Matters
Many jurisdictions and clients expect attorneys to implement reasonable cybersecurity measures under ethics rules. Weak password practices or bypassing MFA can be viewed as a failure to protect client confidentiality.
Bottom line: Mobility shouldn’t mean vulnerability. With strong passwords, smart MFA choices, and convenient yet secure workflows, attorneys can safeguard client data anywhere their work takes them.
Why Law Firms Need a Dynamic Cyber Incident Command Structure, Not Static Guidelines
The SolarWinds breach in 2020, which directly and indirectly impacted more than 18,000 organizations, including law firms and government agencies, exposed a painful truth: many organizations still rely on improvised, chaotic responses when cyberattacks strike.
For law firms, this approach is especially dangerous.
Beyond client data exposure, a breach can trigger privilege concerns, ethics violations, regulatory inquiries, and long-term reputational damage.
In the legal sector, where confidentiality is paramount, a reactive scramble simply isn’t good enough.
Why Static Response Plans Fail Law Firms
Many firms do have a “contact list” of IT vendors, cyber counsel, and insurance reps, but they lack a coordinated strategy for handling every dimension of a breach. Think regulatory filings, client notifications, law enforcement coordination, and preserving attorney-client privilege.
Today’s cybercriminals often operate with more discipline and coordination than their targets. This means firms must be equally, if not more, prepared.
The challenge isn’t always technical.
For many organizations, dealing with regulators, bar associations, and auditors after a breach can be more stressful than stopping the attack itself. For law firms, this includes ensuring compliance with state privacy laws, international data regulations like GDPR, and strict ethical rules.
The Escalation Gap
One of the most common and costly mistakes in legal incident response is unclear escalation. Without clear thresholds, senior partners or firm leadership may not learn about a serious breach until days later, losing valuable time to mitigate legal and financial fallout.
During the SolarWinds attack, even top executives weren’t immediately informed due to overly high escalation thresholds.
Moving from Static to Dynamic Response
Tabletop exercises have value, but they often fall short. Real incidents are high-pressure, messy, and require cross-functional coordination among legal, IT, and client service teams, often across multiple jurisdictions.
A dynamic incident command structure means having:
- Predefined leadership roles for legal, technical, and client-facing response.
- Automated action plans tailored to the type of incident and the governing regulations.
- Secure communication channels to preserve confidentiality.
- Regulatory and jurisdiction mapping to ensure compliance in every location where affected clients reside.
Cybersecurity Is Now a Leadership Duty
With over 200 global regulations and rising personal accountability for executives and managing partners, cyber readiness is no longer optional. Breaches are inevitable; chaos is not.
Firms that invest in preparation, practice realistic scenarios, and coordinate across all functions will handle incidents as manageable setbacks rather than career-ending scandals.
The defining factor is clear: treat cybersecurity incident response as a core leadership responsibility, not an IT problem.
Leaked Credentials Surge 160% – Why Law Firms Can’t Afford to Ignore the Threat
When a law firm’s credentials leak onto the dark web, the fallout isn’t always immediate, but the damage can be profound and long-lasting.
Client trust, case confidentiality, and even bar license compliance can be jeopardized by something as simple as a stolen username and password.
Recent data shows the problem is accelerating.
Cyberint reports a 160% increase in leaked credentials in 2025 compared to the prior year. That’s an alarming sign that cybercriminals are increasingly bypassing complex exploits in favor of the simplest entry point: logging in through the front door.
Why This Hits Law Firms Hard
According to Verizon’s Data Breach Investigations Report, leaked credentials fueled 22% of breaches in 2024, which is more than phishing or software exploits.
For law firms, a single compromised account could expose confidential case files, attorney-client communications, or sensitive settlement details.
The risk doesn’t stop with the initial compromise. Credentials can be reused across services, sold on criminal marketplaces, or leveraged for more targeted attacks.
For example:
- Account Takeover (ATO): Using a legitimate attorney email account to send phishing emails to clients or opposing counsel.
- Credential Stuffing: Exploiting password reuse to access multiple firm or personal accounts.
- Privilege Loss & Blackmail: Threat actors using sensitive information as leverage in extortion attempts.
Even a compromised personal email could give attackers a pathway to law firm systems through password resets or shared links.
The Automation Problem
Today’s attackers don’t need advanced skills. Automated malware, “infostealer-as-a-service” platforms, and AI-generated phishing campaigns make it easy for even low-level actors to harvest credentials. These are then traded in bulk on Telegram channels and illicit forums, sometimes with device details, VPN keys, and active session cookies attached.
Worse, credential leaks often go unnoticed.
Cyberint’s research found that exposed passwords remain active for an average of 94 days before remediation, which is nearly three months of silent vulnerability.
Closing the Detection Gap
Even the strongest password policy and MFA can’t help if leaked credentials are floating undetected in criminal circles. The firms best positioned to defend themselves are those that:
- Actively monitor dark web and underground markets for stolen accounts tied to their domains.
- Integrate automated alerts into security workflows to revoke compromised access immediately.
- Limit privileges so that any single account breach can’t escalate into a firmwide incident.
- Educate attorneys and staff on phishing, password hygiene, and the dangers of reusing credentials.
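The monitoring and revocation steps above, together with the earlier advice to change compromised passwords quickly and never reuse them, come down to a small amount of logic once a leak feed is in hand. The following is an added example written for this issue, not Infoguard's tooling and not a real feed: it parses a constructed dump of "email:password" lines, keeps only accounts on the firm's domains (including subdomains), deduplicates, and grades each hit. A password that also appears in a breached-password corpus is treated as evidence of reuse and raised to high severity. The corpus lookup is done the way k-anonymity range services do it, by hashing the password with SHA-1 and sending only the first five hex characters, so the full hash never leaves the firm; here the "service" is a local dictionary standing in for such an API.

```python
"""Triage a credential-leak feed for accounts tied to a firm's domains.

Added example, not Infoguard's tooling. It assumes a feed of "email:password"
lines (the format bulk dumps commonly use) and a local breached-password corpus
indexed by SHA-1 prefix, standing in for a k-anonymity range service. Every
address, password and domain below is constructed for the example.
"""
import hashlib
from dataclasses import dataclass

# Constructed feed: duplicates, mixed case and a malformed line are deliberate.
SAMPLE_FEED = """\
jdoe@examplefirm.test:Litigation2024!
Partner@EXAMPLEFIRM.test:password
someone@otherdomain.test:hunter2
this line has no separator
clerk@mail.examplefirm.test:Spring2025!
jdoe@examplefirm.test:Litigation2024!
"""

FIRM_DOMAINS = {"examplefirm.test"}

# Constructed stand-in for a public breached-password corpus.
KNOWN_BREACHED_PASSWORDS = ["password", "hunter2", "Spring2025!"]


@dataclass(frozen=True)
class LeakRecord:
    email: str
    password: str


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_corpus(passwords):
    """Index breached-password hashes by their first five hex characters."""
    corpus = {}
    for p in passwords:
        digest = sha1_hex(p)
        corpus.setdefault(digest[:5], set()).add(digest[5:])
    return corpus


def range_query(prefix: str, corpus) -> set:
    """Service side of a k-anonymity lookup: the caller reveals only a 5-char prefix."""
    return corpus.get(prefix, set())


def password_is_breached(password: str, corpus) -> bool:
    digest = sha1_hex(password)
    # Only digest[:5] would leave the firm's network; the match happens locally.
    return digest[5:] in range_query(digest[:5], corpus)


def parse_feed(text: str):
    """Parse email:password lines, normalising addresses and dropping duplicates and junk."""
    records, seen = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if ":" not in line:
            continue
        email, password = line.split(":", 1)
        email = email.strip().lower()
        if "@" not in email or not password:
            continue
        rec = LeakRecord(email, password)
        if rec not in seen:
            seen.add(rec)
            records.append(rec)
    return records


def belongs_to_firm(email: str, firm_domains) -> bool:
    domain = email.rsplit("@", 1)[1]
    return any(domain == d or domain.endswith("." + d) for d in firm_domains)


def triage(feed_text: str, firm_domains, corpus):
    """Return one alert per firm account in the feed, with a severity and response steps."""
    alerts = []
    for rec in parse_feed(feed_text):
        if not belongs_to_firm(rec.email, firm_domains):
            continue
        reused = password_is_breached(rec.password, corpus)
        actions = ["revoke active sessions", "force password reset",
                   "review sign-in logs for the exposure window"]
        if reused:
            # Same password in the public corpus points to reuse, so the attorney's
            # other accounts are exposed to credential stuffing as well.
            actions.append("check other services for the same password")
        alerts.append({"account": rec.email,
                       "severity": "high" if reused else "medium",
                       "actions": actions})
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_FEED, FIRM_DOMAINS, build_corpus(KNOWN_BREACHED_PASSWORDS)):
        print(alert["severity"].upper(), alert["account"], "->", "; ".join(alert["actions"]))
```

In practice the feed would arrive from a dark-web monitoring provider and the alert list would be handed to the identity platform to revoke sessions automatically; the same `password_is_breached` check is also worth running when an attorney chooses a new password after a reset, so a leaked value is not simply reused.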
The Bottom Line for Law Firms
If your firm isn’t watching for leaked credentials, you’re relying on luck to protect client matters, which is a gamble no attorney should take.
Credential leaks are already happening; the only question is whether you’ll detect them before they’re exploited. In a profession built on confidentiality and trust, proactive discovery is one of the most valuable advantages you can have.
From preventing account takeovers to orchestrating a rapid, coordinated breach response, the firms that thrive are the ones that treat cybersecurity as a core part of legal practice, not an afterthought.
Stay proactive, stay protected, and let Infoguard Cybersecurity be your trusted partner in defending your clients, your reputation, and your license.
Check out our website for more information on how we can help secure your law office.
Best regards,