A third party data leak exposed personally identifiable information (PII) belonging to 190 law firms for years. The documents were hosted on Laserform Hub owned by Advanced Computer Software Group Limited, claimed the details were "largely of public records and opted not to report the leak.
Advanced remained unresponsive and seem to be opting to "plead the 5th."
The information exposed by the data breach included details belonging to the staff of the law firms. The information uncovered in the data leak could be deemed sensitive or special and included details such as hashed passwords, legal documents, passport numbers, mother’s maiden name, and eye colors. The law firms affected had both their “primary” and “form” data leaked. Primary data includes details such as user names, IDs, and hashed passwords, while form data contains records such as authentication codes, company details, and service charges. The data leak exposed 10,000 legal documents of about 190 law firms for years before TurgenSec discovered the data security flaw.