Welcome to the Reuters.com BETA. Read our Editor's note on how we're helping professionals make smart decisions.
Skip to main content

Legal Industry

Cohen Milstein says cyber incident may have affected 'small subset' of firm's data

4 minute read

Signage is seen at the law firm of Cohen Milstein Sellers & Toll PLLC in their legal offices in Manhattan, New York City, New York, U.S., April 28, 2021. REUTERS/Andrew Kelly

(Reuters) - Cohen Milstein Sellers & Toll, a plaintiff-side complex litigation firm, experienced unauthorized access to its computer systems in January, according to a notice on its website. The firm said it investigated the incident and isn't aware of any misuse of information.

The firm disclosed Friday that it "discovered unusual activity on certain computer systems" on Jan. 23, potentially risking the security of some data. A Cohen Milstein representative said on Monday that a "small subset" of the firm's servers and cases may have been affected.

"An exhaustive review of the data was conducted and concluded that only a small subset of Cohen Milstein's servers and cases were potentially impacted and there is no evidence that any of the potentially impacted data was misused or that there was any attempt to misuse it," the representative said in an email statement.

The 100-lawyer firm is the latest law firm to suffer a data security incident, as the legal industry is increasingly targeted. In the past year, firms including Jones Day, Goodwin Procter, Seyfarth Shaw and Fragomen, Del Rey, Bernsen & Loewy have revealed they were affected by cybersecurity incidents. Firms and other legal services providers and vendors hold sensitive and confidential data about their clients and their own businesses.

Cohen Milstein, which handles large-scale class action litigation for plaintiffs across the country, has offices in Washington, D.C., New York, Philadelphia, Chicago, Raleigh and Palm Beach Gardens.

When the firm discovered the unusual activity, it disconnected the affected systems from the network and launched an investigation, which found that its systems "were subject to unauthorized access by someone not connected with Cohen Milstein" on that date, the notice said.

The firm said it is notifying anyone who had personally identifying or personal health information on the systems "out of an abundance of caution," reviewing and beefing up its policies and procedures and notifying regulators.

Read more:

Jones Day is latest major law firm affected by vendor data breach

Jones Day and Goodwin breaches highlight law firms' cyber, PR challenges

Seyfarth takes systems down after malware attack

Fragomen says breach exposed Google employees' information, but 'client data systems' safe

Our Standards: The Thomson Reuters Trust Principles.

More from Reuters