It didn’t take long for one of my cyberpredictions for 2017 to be realized.  In fact, it actually happened in the waning days of 2016.  My prediction, as found in my recent column for USA Today and here in, predicted that law firms would be targets for hackers seeking inside information from them about their large corporate clients that may be considering mergers or takeovers of other companies.  Using this non-public information, a savvy hacker could trade in the stock of these companies and make tremendous profits before the information about the mergers or acquisitions became known by the public and drove up the price of the stocks.

Recently a thirteen count indictment was unsealed in which three Chinese defendants are alleged to have hacked into the computers of at least seven law firms involved with mergers and acquisitions and stole confidential inside information about impending mergers and takeovers that enabled the hackers to buy stock in these companies before the knowledge of the impending mergers became public and then sell their stock at tremendous profits when the news of the mergers became known.  It is estimated that the hackers made profits of more than four million dollars using this information.  The SEC has also brought a civil action against the three defendants.

Among the companies involved with mergers or takeovers that the hackers are alleged to have profited from using this confidential information were InterMune, a biotech company, Intel, Altera, Pitney Bowes and Borderfree.  On the Pitney Bowes takeover of Borderfree alone, the hackers were able to achieve a profit of more than 105% by purchasing Borderfree stock before the announced takeover and selling soon after the takeover was announced.


For law firms and other companies, this should be another wake up call to provide better security.  The major hacking of a law firm that resulted in the leaking of what has become known as the Panama Papers should have been sufficient notice that law firms and other companies and agencies that hold sensitive and confidential information must take the necessary steps to protect their data better.

For the rest of us as individuals, this should serve as a reminder that our own cybersecurity is inexorably tied to all of the companies and governmental agencies that hold our personal information.  Whenever possible, you should limit the amount of personal information that you provide any company or governmental agency.  For instance, your physician does not need your Social Security number although they often ask for it.

Finally, security begins at home and you should make sure that you are protecting your cybersecurity as best you can by not clicking on links in emails unless you have verified that the communication is legitimate, installing and constantly updating your security software, using unique strong passwords for all of your accounts, using strong security questions, using dual factor authentication and encrypting your communications.