The view of law firms as custodians of highly confidential information is that they retain and manage various sensitive information and data, for example, legal disputes, corporate transactions, estate planning, etc., where that data is both privileged as well as highly private in nature. With the delivery of legal services continuing to migrate to a mostly digital environment, due to the concentration of confidential information and data within law firms, their attractiveness as targets for cyberattacks is substantial; the Gearhiser, Peters, Elliott & Cannon data breach illustrates that even established law firms are not exempt from facing an increase in risks associated with these types of events.

The breach of Gearhiser, Peters, Elliott & Cannon occurred when, in April 2025, unauthorized access of specific systems was acquired and files were potentially accessed and copied by an assumed unauthorized third party. Following a thorough analysis of the potential files accessed, it was determined that the files may have contained both personal and financial information. After the breach was validated, notification would also commence.

Due to the vast range of ways in which law firms hold information, they occupy a very particular place within the data ecosystem. Client records may include everything from Social Security Numbers and banking details to identification, medical records and insurance records. In addition, documents that are generated as part of legal cases may contain sensitive narratives or storylines about the client, and contracts with the client or other entities. Therefore, the ability to steal legal-related databases by an adversary is heightened due to the value of the information being stored in them.

Another reason for increased risk to law firms is that records are kept for long periods of time; in most cases, due to the nature of law and how long it takes for litigation, case files are held for years after they have been completed. Keeping these records intact leads to large volumes of data that need to be protected against the continuously evolving threat landscape.

Another complication arises from the increased use of digital tools to perform legal work. Although document management systems, cloud storage, remote access solutions, etc. have improved the efficiency of law firms, especially in this era of hybrid working environments, each of those tools has created a new point of entry for potential breaches. Both direct attacks on the points of entry and breaches of third-party services or client user accounts can allow for unauthorized access.

Cybercriminals have many motives apart from money to attack a law firm. These criminals can gain access to various types of legal documents that can be used to obtain information on pending lawsuits, negotiations, and personal information. The legal records that a law firm contains can be used for extortion, identity theft, and targeted phishing schemes. Since the documents are sensitive and of high value, there are many crimes committed against law firms as well as numerous lawsuits and incidents that involve records of law firms.

Many timelines of the legal industry show how time-consuming and complicated the investigation of these crimes can be. A lot of time is spent to determine the files that were compromised, and the amount of information contained in them, and to contact the individuals that were affected, and that does not include the time that it takes to conduct a forensic investigation. This process demonstrates that the legal records are detailed and are very sensitive documents.

Clients of law firms must remember that there are many times when they are asked to provide personal information that pertains to their legal case. There are many reasons that a client may be asked to provide information, each requiring that the information is confidential, e.g. financial, medical, and business matters. Therefore, protecting this information is critical if clients want to maintain trust in the legal system.

Many law firms are beginning to realize that they need to strengthen their digital defenses due to the changing climate of cyber-threats. Strong access controls should be put into place, regular security assessments should be conducted, and systems and employees should be prepared in advance to respond to the threat when it is encountered.

As a result of increased importance on Cyber Security within the Legal Profession is indicative of a larger pattern developing. The growth of sensitive digital information necessitates enhanced protection of that digital data, which has gone from being a mere technical requirement to now being considered an integral part of the organization and its work in maintaining its clients' privacy.