By now, you’ve likely heard about what’s said to be the biggest data leak in history – the Panama Papers.
An estimated 11.5M files from Mossack Fonseca, one of the world’s largest offshore law firms, was leaked, exposing off shore tax havens from many rich and powerful individuals around the world, including 12 national leaders – two being Russian President Vladimir Putin and Icelandic Prime Minister Sigmundur David Gunnlaugson.
The documents show how Mossack Fonseca helped clients launder money, dodge sanctions, and evade tax for 40 years.
Mark Sangster, VP of Marketing at eSentire says, “The Panama Papers breach represents a new security threat-scape. Insider threat is a growing concern. We’re seeing many cases of insider data breaches that involve leaking sensitive data for front running trades or more malicious intent. In this case, seemingly one individual got his or her hands on a massive collection of files spanning four decades. If this holds true, this extreme case of an apparent insider threat will result in catastrophic consequences for Mossack Fonseca.
As with last week’s multi-law firm breach case, the elephant in the room is the target on law firms’ backs. Until now, the legal industry has generally operated within a loose set of cyber security guidelines. However quickly, we expect to see hardline compliance rules and fines come to firms with sub-standard cyber security defenses in the future.”
Dodi Glenn, VP of Cyber Security at PC Pitstop says, “Given the bits of information we’ve already seen, I suspect many people will be caught in a lot of turmoil in the near future, as the documents are further analyzed and more information is disclosed to the public.
It’ll be interesting to see how many individuals come forward, admit they were caught, and resign from their positions.
From a security standpoint, the amount of content leaked seems to dwarf Wikileaks’ Cablegate from 2010, but it’s hard to say at this point how the data was taken – whether it was an insider, a phishing attack, or malware. Long story short, if you want to keep something confidential, don’t put it on a computer specifically one connected to the Internet. The very second you do that, you can assume the data can be purloined.”
Graphic by Shutterstock