Thursday, 11 April 2019 17:27

Living a Nightmare

Portugal’s largest law firm, PLMJ, recently suffered the horror of a cyberattack that resulted in highly confidential information being published – with such attacks on the increase, what should law firms do to minimise the risk of becoming victims?

It must be a nightmare scenario for any law firm. Hackers break into your firm’s computers, access confidential information about your clients and the correspondence you have had with them and then publish it. But for leading Lisbon law firm PLMJ, this nightmare became reality. In January, the firm’s systems were hacked and information was published on the “Mercado de Benfica” blog. Prior to the newspapers getting hold of the story, PLMJ went through the drama and anxiety of trying to obtain an injunction, but the efforts failed. The secrets were out.

The stress for those involved must have been unimaginable. What clients want when they appoint a lawyer is a trusted adviser, but in this case that trust had been broken, though it is hard not to feel sorry for PLMJ, which was the victim of a crime perpetrated by some very sophisticated hackers.

Perhaps unsurprisingly, PLMJ was unwilling to provide any official comment when asked for an update on the fallout from the attack. Lawyers at the firm will want people to stop talking about it in the hope that the story, and the negative publicity that surrounds it, will go away. Meanwhile, partners at rival law firms are breathing a huge sigh of relief that it wasn’t their organisation that had its name tarnished by such a worrying security breach.


Despite the absence of official comment from PLMJ, sources close to the firm say that the management took a series of steps when they realised their systems had been compromised. “The firm found out just before the press did, all the IT guys were called and a specialist US cybersecurity specialist was instructed to analyse everything,” says one source. There is speculation that an employee from a specialist IT company that provides services to the firm may have allowed, deliberately or unwittingly, a password to fall into the hands of a hacker, though this is unconfirmed and police are investigating. “It’s a very sensitive issue,” says another source. “Clients were warned, the firm took the lead on that and contacted all the clients, it was taken very seriously. However, there are issues, and the firm does not want to talk openly about the matter.”

It’s no real surprise that it was a Portuguese law firm that was the victim in this case. Data shows that, when comparing EU countries, Portugal is the third biggest victim of cyberattacks. In light of the horror experienced by PLMJ, firms are being warned that they have to face up to this new threat and act now. “Law firms of all sizes should be worried,” says SRS Advogados partner Luis Neto Galvão (pictured), who specialises in advising companies on data protection. “Even small law firms can be vulnerable to cyberattacks – acquiring a cybersecurity culture takes time and resources,” he says. “Therefore, law firms should start immediately addressing the matter.”

In one of the most famous law firm cyberattacks, the “Panama Papers” scandal in 2015, 11.5 million documents – containing detailed financial and attorney-client information – were leaked from a Panamanian law firm in an event that shook the legal world. Martim Bouza Serrano, a partner at CCA Ontier, says such attacks represent an unsettling window into the future when hackers will become much more sophisticated and be able to carry out attacks on a larger scale. “We have been seeing an increasing number of cyberattacks and I am certain that during 2019 we will see bigger and more damaging threats than in previous years,” he says.
