The Target: Orrick, Herrington & Sutcliffe, a popular San Francisco-based international law firm.
The Take: The stolen data encompassed a vast array of information, including names, dates of birth, addresses, email addresses, and government-issued identification numbers like Social Security, passport, driver’s license, and tax identification numbers.
The Vector: The intrusion into Orrick’s network compromised a file share, revealing personal information and sensitive health data of victims.
This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.