PLMJ hacked

In news that has yet to make it out of Iberia, Portugal’s largest law firm, PLMJ, this year became the latest firm to fall victim to a cyberattack after its network was compromised and information relating to the the Benfica football corruption investigation published Wikileaks-style on a football blog.
Lisbon club Sport Lisboa e Benfica has been accused of several counts of corruption, which it strongly denies. Prosecutors allege that Benfica SAD conspired to bribe the judiciary and obtain information about investigations into the club. PLMJ is helping the club to defend itself against the allegations which, if proven, could see it banned from competitive sport for up to three years.
The breach is understood to have taken place towards the end of 2018, with confidential information published on the Mercado de Benfica football blog, according to multiple reports in the Iberian press. PLMJ issued a statement in January, saying: “Following successive attempts at unlawful intrusion, the security of the PLMJ network was recently compromised.
PLMJ is assessing the impact of this unlawful access to information and, together with a team of specialists, it has immediately defined preliminary protection and containment measures.”
It added: “The security of our clients’ information and the defence of their interests and rights are our priority. We will keep you informed of all and any significant new developments or facts relating to this issue.”
According to a report from online Portuguese economic newspaper ECO, some of the measures that PLMJ has already implemented are “the total separation of personal and professional use environments, data confidentiality and data tracking systems, the definition of computer security protocols and the establishment of diversified access levels according to sensitivity of themes.”
Asked for comment on the breach, a spokesperson told us: “As we communicated publicly, once we were made aware of an issue, we launched an investigation with a global incident response company and put additional security measures in place.” He added: “The security of our clients’ information and the defence of their interests and rights are our priority.” PLMJ is a long-term client of Epona’s on-premises Sharepoint-based DMSforLegal, but we understand that the DMS was not breached.