- Privacy Risk Report - https://privacyriskreport.com -

Law Firm Cyber Attack Is Involved In A “Series Of Mistaken Assumptions”

On June 27, 2017, the law firm DLA Piper (“law firm”) found itself to be one of many of targets of a recent global cyber attack. The attack reportedly did not compromise any client data. [1]  Reports indicate that, even though email service was disrupted by the attack, lawyers were still able to communicate through text messaging and telephone calls. This attack on the law firm, which by all accounts was aptly prepared for a cyber attack, demonstrates that no business is completely safe and incident response preparation will continue to be a key element in cyber security.

This cyber attack was discussed in a recent decision and provides further proof that data breaches should not be the only concern when considering cyber security.  In Cone et. al. v. Hankook Tire Co., 2017 WL 3446295 (Aug. 10, 2017 W.D. Tenn.), the District Court for the Western District of Tennessee heard arguments during a show cause hearing on questions whether certain attorneys at the law firm, as counsel for the defendant, Hankook Tire (“Hankook”), should be held in contempt after jurors were mistakenly contacted after trial without the District Court’s permission.  While the attorney at the law firm was not held in contempt of court, the District Court made clear that cyber incident, which limited email communications, did not excuse the improper contact of jurors.

The conduct giving rise to the show cause hearing took place after a verdict was returned in favor of Hankook on June 30, 2017. At some point shortly after the case reached a verdict, the court clerk was informed that a “jury researcher” had contact with some of the jurors.  This contact violated the local rules because the parties did not have permission from the District Court to contact jurors to discuss the case.  On July 20, 2017, the District Court issued an order requiring the parties provide information on the jury researcher.

In response to the order seeking information on the jury researcher, counsel for Hankook filed a statement confirming they hired the jury researcher that followed up with the jurors. However, the response filed by Hankook made clear that one of its attorneys (“Sender Attorney”) put into motion a “series of mistaken assumptions” that resulted in the jurors being contacted without the District Court’s permission.  The response indicated the jurors were contacted under the following circumstances:

Based on this timeline, Copied Attorney was not aware of Sender Attorney’s email until some point after the District Court issued the order seeking information on how jurors were contacted after the trial. Copied Attorney further stated that if he would have seen the emails, he would have instructed Sender Attorney to reach out to the other attorneys working on Hankook’s defense to determine if the jurors could be contacted by the jury researcher.  Unfortunately, with Copied Attorney silent on the issue, Sender Attorney and the jury researcher “mistakenly assumed” there was no reason to hold off on contacting the jurors.

The District Court found that Sender Attorney’s violation of the local rules was the result of “a series of questionable assumptions,” but did not rise to the level of contempt of court. While the holding in Cone may have little or no impact on the overall case, the District Court’s finding that there was a series of mistaken assumptions illustrates the impact that a cyber incident may have on the daily operations of any business.  In short, this cyber attack is further proof that we will likely continue to see cyber incidents causing communication disruptions in a variety of businesses.