Why the Los Angeles ransomware attack raised important questions on legal privacy

Americans have become all too used to having their financial secrets stolen by hackers and shared in the dark corners of the internet.

Are you spending money at certain stores that might reveal your personal or political preferences? If you used the wrong bank or credit card, a hacker might know that, along with your name, Social Security number, and address.

But there’s another layer of personal information that would be even more damaging if stolen: your court files.

While there’s no evidence so far that personal legal files were compromised in last month’s ransomware attack on the Los Angeles County court system, the possibility that this kind of information could be accessed raises serious questions that must be addressed. Court officials did an exemplary job so far of getting courts back up and running, but we should take this opportunity to plan for the next attack.

Consider the information in a complex, high-asset, contested divorce case. My clients might be forced to submit detailed financial records showing everything from their retirement accounts to lists of valuable assets and where they are stored.

To a hacker, that’s a roadmap to everything from identity theft to bank fraud or even old-fashioned burglary. (The couple is arguing over who gets a valuable painting at this specific Beverly Hills address? That’s actionable information.

And that’s just the financial information. Under oath, my clients might divulge their sexual history, share allegations of physical abuse, or reveal humiliating details about the breakdown in their marriage that they’d rather not become public.

In most cases, clients are protected. The information is kept in court files that are either too difficult for the general public to access (your neighbors might be nosy, but they aren’t generally going that far to learn the juicy details) or the fact that certain records are sealed.

But in a ransomware attack, those protections could be compromised. While there’s no evidence that happened this time, a future attacker could try to get those sensitive files and then seek a second ransom, asking some of Los Angeles County’s wealthiest residents how much they would pay to keep their private information from going public. The next ransom in a ransomware attack might not be from the government.

For now, the most significant effect of the attack was on lawyers. With remote filing systems down, we had to do things the old-fashioned way, trekking to the courthouse to file paperwork in person or hold a court hearing that might have been done by Zoom instead.

You could see the effects right away, as lawyers had to park five blocks away and then wait in long lines to get into the Stanley Mosk Courthouse the Monday after the attack. It didn’t help that it was a sunny summer day, and we were all dressed like lawyers.

That was even worse for small practitioners who don’t have extra staff to handle an unexpected outage like this and those whose clients were up against a deadline.

The outage was also mercifully short, but that may not be the case next time. We should have plans in place if a future attack leaves remote filing down for weeks or even causes problems filing in person. That could be something as simple as ensuring the courthouse has a dedicated fax line or e-mail address on a separate server that can be activated in an emergency and receive electronic and emergency filings. This information can be widely provided to the public and practitioners. Serious delays like that could affect everything from emergency domestic violence protection orders, where time is of the essence, to child support payments. Suppose a closed courthouse prevents one party from filing crucial paperwork in time. Will judges agree to backdate any payments to the date the other party attempted to file?

And in the event that private files are accessed, we should have a plan in place to notify lawyers and their clients in a timely manner so that they can take proactive steps to protect their bank accounts and credit.

The effects of last month’s attack were minor inconveniences compared to the problems that could have erupted if sensitive files had been accessed. I’d much rather get overheated waiting in line than have to tell a client that their personal information has been compromised.

Ransomware attacks and other hacking attempts will continue. The court system presents a target that is too big, and hackers are always looking for a challenge.

Whether they want money to restore the courts or if they want to get into personal files, Los Angeles County and other extensive city court systems need to look seriously at our online defenses to ensure that breaches are caught early and check that we are doing everything we can to keep those sensitive files out of reach. The court did an impressive job responding to the attack, resolving it quickly, and returning us all to a sense of normalcy. It’s really driven home how, as a profession, we have embraced remote technologies, and it has been for the betterment of everyone.

But with new technology comes new risks, and last month’s attack was a reminder that we should make plans to address them.