Cohen Milstein says cyber incident may have affected ‘small subset’ of firm’s data

Signage is seen at the law firm of Cohen Milstein Sellers & Toll PLLC in their legal offices in Manhattan, New York City, New York, U.S., April 28, 2021. REUTERS/Andrew Kelly

Cohen Milstein Sellers & Toll, a plaintiff-side complex litigation firm, experienced unauthorized access to its computer systems in January, according to a notice on its website. The firm said it investigated the incident and isn’t aware of any misuse of information.

The firm disclosed Friday that it “discovered unusual activity on certain computer systems” on Jan. 23, potentially risking the security of some data. A Cohen Milstein representative said on Monday that a “small subset” of the firm’s servers and cases may have been affected.

“An exhaustive review of the data was conducted and concluded that only a small subset of Cohen Milstein’s servers and cases were potentially impacted and there is no evidence that any of the potentially impacted data was misused or that there was any attempt to misuse it,” the representative said in an email statement.

The 100-lawyer firm is the latest law firm to suffer a data security incident, as the legal industry is increasingly targeted. In the past year, firms including Jones Day, Goodwin Procter, Seyfarth Shaw and Fragomen, Del Rey, Bernsen & Loewy have revealed they were affected by cybersecurity incidents. Firms and other legal services providers and vendors hold sensitive and confidential data about their clients and their own businesses.

Cohen Milstein, which handles large-scale class action litigation for plaintiffs across the country, has offices in Washington, D.C., New York, Philadelphia, Chicago, Raleigh and Palm Beach Gardens.

When the firm discovered the unusual activity, it disconnected the affected systems from the network and launched an investigation, which found that its systems “were subject to unauthorized access by someone not connected with Cohen Milstein” on that date, the notice said.

The firm said it is notifying anyone who had personally identifying or personal health information on the systems “out of an abundance of caution,” reviewing and beefing up its policies and procedures and notifying regulators.

Read more:

Jones Day is latest major law firm…