()

Experts warned that law firms need to “up their game” on data security after millions of documents showing apparent tax evasion and money laundering by wealthy individuals and companies were leaked from Panama offshore firm Mossack Fonseca.

The Panama Papers leak is reportedly the biggest ever data breach and calls into question the ability of law firms to protect clients’ data.

Some 11.5 million leaked documents reveal information on the offshore fortunes of public figures such as Icelandic Prime Minister Sigmundur Gunnlaugsson as well as information on individuals associated with Russian president Vladimir Putin.

Benedict Hamilton, Europe, Middle East and Africa managing director of risk consultant Kroll Experts, said that although firms are already taking security measures to protect private data, much more still needs to be done.

“I definitely think they need to up their game on data security… I don’t think they are doing nearly enough,” said Hamilton. “No company can totally protect itself against an employee abusing trust, but there are things you can do that make it harder for people to leak documents.”

The Panama papers leak comes after reports that 48 law firms were targeted by cybercriminals looking to hack into their systems to gain information on mergers and acquisitions.

Ropes & Gray privacy and data security partner Rohan Massey said: “The risk we have is incredibly real and we are now as a sector being targeted because of the sensitivity of the information we hold.

“As a profession we do need to ensure that our houses are safe and maybe we lag behind because we focus on clients.”

Philip Lieberman, president of Lieberman Software, said clients should be aware of the risks of law firm data breaches and satisfy themselves that a firm has necessary security measures in place before trusting them with information.

“There are some law firms with excellent automated and adaptive cyber defence capabilities, but many are stuck in the dark ages of wigs, candles to read by, and quill pens to write with,” he added.

Private client partners in London agree clients will have questions around the security measures firms have in place following the leak.

“I’m sure there will be clients who are worried – they will read about it and wonder,” said one.

“We and other law firms constantly review whether we are as protected as we can be from hacking but any email is potentially disclosable and you have always got in the back of your mind ‘hopefully it will never happen to us’. Everyone is vulnerable and if you have got a rogue employee that’s just life.”

In a statement to The Guardian Mossack Fonseca said: “We are responsible members of the global financial and business community.

“We conduct thorough due diligence on all new and prospective clients that often exceeds in stringency the existing rules and standards to which we and others are bound.

“Many of our clients come through established and reputable law firms and financial institutions across the world, including the major correspondent banks, which are also bound by international ‘know your client’ protocols and their own domestic regulations and laws.”

Others suggest that the stringent regulations in the UK around data protection and due diligence before taking on a client mean the chances of a similar data breach happening in the UK are slim.

Maurice Turnor Gardner partner, Richard Turnor, said: “Any UK law firm has been subject to anti-money laundering rules for years and before you take on a client you have to know who they are and consider if there are any concerns from a money laundering point of view.”

“All law firms, quite frequently, are unable to proceed with taking on a client because we are not satisfied,” he added.

Another private client partner added: “The best protection is to make sure you are not acting for people who have laundered money in Panama.”

Experts warned that law firms need to “up their game” on data security after millions of documents showing apparent tax evasion and money laundering by wealthy individuals and companies were leaked from Panama offshore firm Mossack Fonseca.

The Panama Papers leak is reportedly the biggest ever data breach and calls into question the ability of law firms to protect clients’ data.

Some 11.5 million leaked documents reveal information on the offshore fortunes of public figures such as Icelandic Prime Minister Sigmundur Gunnlaugsson as well as information on individuals associated with Russian president Vladimir Putin.

Benedict Hamilton, Europe, Middle East and Africa managing director of risk consultant Kroll Experts, said that although firms are already taking security measures to protect private data, much more still needs to be done.

“I definitely think they need to up their game on data security… I don’t think they are doing nearly enough,” said Hamilton. “No company can totally protect itself against an employee abusing trust, but there are things you can do that make it harder for people to leak documents.”

The Panama papers leak comes after reports that 48 law firms were targeted by cybercriminals looking to hack into their systems to gain information on mergers and acquisitions.

Ropes & Gray privacy and data security partner Rohan Massey said: “The risk we have is incredibly real and we are now as a sector being targeted because of the sensitivity of the information we hold.

“As a profession we do need to ensure that our houses are safe and maybe we lag behind because we focus on clients.”

Philip Lieberman, president of Lieberman Software, said clients should be aware of the risks of law firm data breaches and satisfy themselves that a firm has necessary security measures in place before trusting them with information.

“There are some law firms with excellent automated and adaptive cyber defence capabilities, but many are stuck in the dark ages of wigs, candles to read by, and quill pens to write with,” he added.

Private client partners in London agree clients will have questions around the security measures firms have in place following the leak.

“I’m sure there will be clients who are worried – they will read about it and wonder,” said one.

“We and other law firms constantly review whether we are as protected as we can be from hacking but any email is potentially disclosable and you have always got in the back of your mind ‘hopefully it will never happen to us’. Everyone is vulnerable and if you have got a rogue employee that’s just life.”

In a statement to The Guardian Mossack Fonseca said: “We are responsible members of the global financial and business community.

“We conduct thorough due diligence on all new and prospective clients that often exceeds in stringency the existing rules and standards to which we and others are bound.

“Many of our clients come through established and reputable law firms and financial institutions across the world, including the major correspondent banks, which are also bound by international ‘know your client’ protocols and their own domestic regulations and laws.”

Others suggest that the stringent regulations in the UK around data protection and due diligence before taking on a client mean the chances of a similar data breach happening in the UK are slim.

Maurice Turnor Gardner partner, Richard Turnor, said: “Any UK law firm has been subject to anti-money laundering rules for years and before you take on a client you have to know who they are and consider if there are any concerns from a money laundering point of view.”

“All law firms, quite frequently, are unable to proceed with taking on a client because we are not satisfied,” he added.

Another private client partner added: “The best protection is to make sure you are not acting for people who have laundered money in Panama.”