CISO MAG Desk: The ‘Paradise Papers’ findings released by the US-based International Consortium of Investigative Journalists (ICIJ) have opened a can of worms. ICIJ is the same organization that was behind Panama Papers sensational exposures. The major cyber breach has been reported from Appleby, a multi-national offshore law firm known for its tax planning services.
The leaked documents, dubbed Paradise Papers were released on November 6, 2017, and consist of 13.4 million records including emails, loan agreements and bank statements that contain sensitive financial information pertaining to highly prominent and influential figures. Out of 13.4 million records, 6.8 million documents came from a cyberattack on Appleby files. The Appleby files were obtained by the German newspaper Süddeutsche Zeitung and shared with the ICIJ along with 95 media firms to maximize the exposure of the leaked information.
The Paradise Papers exposures have been compared to the 2015 Panama Papers leak which exposed millions of documents from the Mossack Fonseca law firm.
In October end, Bermuda-based firm Appleby, that represents wealthy clientele, released a statement saying “We are disappointed that the media may choose to use information which could have emanated from material obtained illegally and that this may result in exposing innocent parties to data protection breaches,” continues Appleby, adding that it reviewed its cybersecurity and data access arrangements and is confident that its data integrity is secure”.
The thunder of Paradise Papers disclosures has been felt in India as well as it has named 714 Indians for evading taxes. High profile names include Bollywood actor Amitabh Bachchan, corporate lobbyist Niira Radia, Minister of state for aviation Jayant Sinha.
The long list of international leaders and celebrities on the list includes Britain’s Queen Elizabeth II, Colombian President Juan Manuel Santos, Canadian Prime Minister Justin Trudeau’s chief fundraiser Stephen Bronfman, individuals linked to the U.S. President Donald Trump, singers Bono and Madonna, and US Commerce Secretary Wilbur Ross among several others.
Mark Sangster, Vice President and industry security strategist at cybersecurity company eSentire told SC Magazine ” The parallels of Paradise Papers to Panama Papers breach are obvious, however beyond the shock factor of the leaked data itself, what’s more alarming is the depth and magnitude of this breach. Law and accounting firms should raise the alarm when it comes to their firm’s cybersecurity rigor”.
“While the mechanics of the breach itself have yet to be revealed, this was clearly a targeted attack. Law and accounting firms are particularly susceptible to ethical hacking and really, every firm should assume they’ll be breached. These firms house a treasure trove of sensitive data that, when compromised, can result in sometimes irrecoverable damage”, Sangster continued.
Ilia Kolochenko, CEO of web security company High-Tech Bridge said “hacking of their clients is quite costly, will likely be detected and investigated, and almost certainly will cause very serious counteractions,” said Kolochenko, in emailed comments. “It may be a good moment to think about imposing obligatory data security standards on law firms and practicing attorneys. Their data deserves at least the same level of protection as data of companies under PCI, DSS or HIPAA compliance. Otherwise, visiting attorneys will become a very risky practice”.