Security Risk — AI Engagement Letter Advice, Inside Another Large Law Firm Hack


“Your Client Is Talking to ChatGPT About Their Case. After ‘Heppner,’ That’s a Discovery Problem.”

  • “You have a client right now who is typing their case details into ChatGPT. A personal injury client describing their injuries and uploading medical records. An employment client recounting what HR said in the termination meeting. Both recapping what you told them on the phone last week. They think it is private. It is not. And after United States v. Heppner, opposing counsel has a federal court opinion telling them how to use that against your client.”
  • “Most of the commentary on this ruling has come from Big Law defense shops advising corporate clients on internal AI policies. That tracks. But the real exposure lands on the plaintiff’s side. Your clients are the ones awake at 2 a.m., anxious, asking a chatbot what their case is worth. Defense attorneys are not losing sleep over Heppner. They are sharpening discovery requests.”
  • “On Feb. 10, Judge Jed Rakoff ruled in the Southern District of New York that 31 documents a criminal defendant created using a consumer version of Claude were not privileged. The defendant had fed information from his attorneys into the chatbot, generated defense strategy reports, and later shared them with counsel. The court held the materials failed on at least two, and likely all three, elements of privilege: an AI tool is not an attorney, the consumer platform’s privacy policy negated any expectation of confidentiality, and the defendant acted without counsel’s direction.”
  • “Rakoff did leave one door open. If counsel had directed the client to use the AI tool, the court suggested it might function like a third-party expert working under the attorney’s supervision. That question remains unanswered.”
  • “Here is where it gets dangerous for plaintiff firms specifically. Heppner did not just create new documents with AI. He fed privileged attorney communications into the platform. Information his lawyers gave him went into Claude as prompts. Judge Rakoff’s opinion suggests this may have waived privilege over the original attorney-client communications, not just the AI outputs.”
  • “Think about what that looks like in your practice. Your client takes your case evaluation, your strategy notes, your assessment of liability, and types it into ChatGPT to ‘understand it better.’ Under Heppner’s reasoning, the defense can argue the privilege over your advice just evaporated. That is not a hypothetical edge case. That is a Tuesday.”
  • “The discovery angle cuts both ways, and plaintiff attorneys should be thinking offensively here. Corporate defendants and their employees are using AI tools to summarize internal investigations, evaluate liability exposure, and draft talking points. If those conversations happened on consumer platforms without counsel’s direction, the same Heppner logic could make them discoverable. Plaintiff firms fight against well-resourced corporate legal teams every day. This is a new tool in the belt.”
  • “What to Do About It. Update your engagement letters. Add explicit language that anything a client types into a consumer AI platform about their case may be discoverable. This belongs right next to your social media warning.”
  • “Have the conversation at intake. Ask directly: are you using ChatGPT, Claude, or any AI tool to research your case or your injuries? Most clients will not volunteer this. You need to ask and you need to explain why it matters.”
  • “Document attorney direction. If you want a client using AI for case preparation, put your instructions in writing. Specify the tool, specify the purpose. Heppner drew a bright line between client-initiated and attorney-directed use. Stay on the right side of it.”
  • “Expect AI-targeted discovery. Heppner was a criminal privilege ruling, but the weight of legal commentary says the reasoning extends to civil discovery. Defense counsel reads the same case law you do. Requests for production targeting AI usage are coming.”
  • “Heppner applied old privilege principles to new technology. The conversation you need to be having with every new client is simple: if you are using AI to think about your case, tell me now, and stop putting case details into consumer chatbots. That one conversation could save the case.”

“Silent Ransom Group leaked another big law firm: Orrick, Herrington & Sutcliffe”

  • “Jones Day wasn’t the only big law firm to recently fall prey to threat actors variously known as Silent Ransom Group, Luna Moth, Chatty Spider, or UNC3753. DataBreaches will refer to them as the Silent Ransom Group (‘SRG’).*”
  • “In January, SRG gained access to the law firm of Orrick, Herrington & Sutcliffe LLP (‘Orrick’). In terms of gross revenue, Orrick is not as large as Jones Day. Still, it has over 25 offices across the United States, Europe, and Asia, and its gross revenue exceeded $1.5 billion in 2025.”
  • “Orrick’s name may sound familiar because in March 2023, it was the victim of a data breach that affected 461,000 people. A consolidated class-action lawsuit was settled in 2024, with Orrick not making any admission of guilt but agreeing to create an $8M non-reversionary fund as part of the settlement.”
  • “Having dealt with the costly 2023 breach, would they be eager to avoid another class action by paying SRG in the hope that the breach never becomes widely known? Or would they decide not to pay at all and weather any storm?”
  • “In communications with SRG, DataBreaches asked several questions, one of which was, ‘Did the fact that Orrick had settled that class-action for $8M have any effect on you targeting them? Did you think that a big firm that has just made a big settlement would be more likely to pay to avoid a second scandal or big lawsuit?’ They replied:”
    • “As We can see, this organization is not learning from its mistakes. Typically, when dealing with firms from the top 100 law firms, they all, without exception, recognize the seriousness of the situation and make the only correct decision.”
    • “They offered $1,000,000 to resolve this matter, but that was far less than the amount requested, and We decided to publish their details. This was the first top-100 law firm to offer such a meager sum.”
  • “SRG informed DataBreaches that it first gained access to Orrick on or about January 20, 2026, and remained in its network for about a week. The attack did not involve any malware, as SRG never deploys malware.”
  • “On February 6, 2026, a representative from Orrick appeared in chat and negotiations began. SRG shared the chat logs with DataBreaches, but only after negotiations had failed.”
  • “From statements made in the chat by both parties, it seems that SRG contacted employees and Orrick’s clients at times. The negotiations appeared calm on both sides, with Orrick’s representative saying at one point:”
    • “I can tell you are experienced in this subject matter, which means you must also know thet [sic] lawsuits happen and information becomes public no matter what the outcome is here. It does not mean we’re unwilling to find an agreement, but we want to speak honestly about what a deal does and does not accomplish. I hope that is OK with you. We do not agree that [redacted] million is a reasonable expectation for purchasing the word of a stranger. It does not ease any of the other costs we will face from this. If you have a different number in mind that is more realistic, we are happy to review it and begin a productive dialogue.”
  • “SRG responded by reviewing some facts and listing the names of some of the clients whose private information was now in SRG’s hands. Orrick did not come back with what SRG would consider commensurate with the scope and volume of the data involved. On February 18, Orrick offered $225,000.00 and subsequently flat-out told SRG that while they were open to making a deal with SRG, ‘there is no 7 figure deal to be had here.’”
  • “On February 23, SRG added Orrick to its leak site and leaked all of the data. Orrick’s negotiator noted the development and offered SRG a final $400,000.00 offer if the post was removed immediately. It was removed for a while, but SRG rejected Orrick’s subsequent $1M final offer and re-leaked it all.”
  • “Some might think that any hack-and-leak gang would be happy to get $1M and would take the money and run. But what SRG did is similar to what DataBreaches has seen the Daixin Group and others do in other incidents: they refuse an offer that seems way too low so that future victims will learn the group will leak rather than accept an offer they do not consider reasonable.”
  • “DataBreaches’ inspection of the data tranche identified many files that appeared to be confidential. DataBreaches will not focus on the more confidential information, but will provide a sense of how little file security there was for some files. In one of several index files in the leak, 77 filenames included ‘CONFIDENTIAL’ in their names. All of those files were in plaintext with no password protection. Some of them contained confidential files relating to litigation. Some contained confidential and sensitive employee information.”
  • “As part of its settlement in 2024 IN RE: ORRICK, HERRINGTON & SUTCLIFFE, LLP DATA BREACH LITIGATION, Orrick also agreed to improve its security:”
    • “As further consideration to the Settlement Class, Orrick has agreed to make numerous business practices changes relating to data security. Orrick has also confirmed that, as a direct result of Plaintiffs’ filing of the Action, Orrick has already implemented several improvements to its data security. Ex. 1, §8.1. These enhancements include improving its detection and response tools, enhancing its continuous vulnerability scanning at both the network and application levels, deploying additional endpoint detection and response software, and with the help of an industry leading cybersecurity vendor, performing additional 24/7 network managed detection and response.”
  • “As the FBI noted in its private industry notification last year, law firms are frequent and lucrative targets due to the sensitivity of the information they store, and SRG, in particular, has been targeting them since 2023. Jones Day and Orrick are not the only law firms SRG has hit — and leaked — recently. DataBreaches may have more on this in the near future.”





Introduction to Power BI:

Power BI is one of the popular business intelligence tools developed by Microsoft Corporation. It offers data modeling capabilities such as data preparation, data visualization, data discovery, and interactive data analytics dashboards. With Power BI, users can make well-informed business decisions. The tool lets users pull in data in various formats, such as images, Excel sheets, spreadsheets, and videos. It also helps centralize the database management system, and you can visualize the data model in it.

The important basic components of the Power BI tool:

1. Power BI desktop:

This is a free application that you install on your desktop to modify and visualize data, with full freedom to establish connections. It lets users create a data model from multiple data sources, build visuals and data reports, and share them with other team members in the organization.

2. Power BI services:

This is a cloud-based service among the Microsoft cloud applications that eases data sharing and collaboration on data reports. You can also bring all the relevant data sets into one place by using this component.

3. Power BI Mobile Apps:

This component brings the services to your mobile device, so you do not have to wait for your desktop to start working. You can install it on various operating systems, such as Windows 10, Android, and iOS.


Important features of Power BI:

The following are the important features of Power BI:

1. Offers a range of attractive data visualizations.

2. Helps users to collect data from different data sources.

3. Data set filtrations.

4. Provides customizable dashboards.

5. Flexible tiles.

6. Navigation pane.

7. Informative reports.

8. Natural language Q & A Question box.

9. DAX data analysis functions.

10. Help and feedback buttons.

11. Microsoft Office 365 application launcher.

12. Great collection in content packs.


Advantages of Power BI tool:

The below are the key advantages of using Power BI:

1. Hybrid deployment support:

This feature provides in-built connectors that enable Power BI tools to connect with various data sources from Microsoft and other vendors.

2. Quick insights:

With the help of this Power BI feature, users can create a subset of data and automatically apply analytics to that information.

3. Cortana Integration:

This feature enables users to verbally query data using natural language and access results using Microsoft digital assistant, Cortana.

4. Customization:

This feature helps developers to change the appearance of the default visualization and reporting tools while importing new tools into the platform.

5. API’s for data integration:

The Microsoft Power BI REST API helps developers embed Power BI dashboards and other resources in other software.

6. Lower upfront Costs:

The basic version of Power BI is a free subscription service, whereas the full Power BI Pro costs $9.99 per month, per user.

7. Mobility:

Various Power BI tools are available as mobile apps for Android and iOS.


Limitations of Power BI:

The below are the few disadvantages of using Power BI:

1. This tool is very difficult to implement. You need to loop in the development team and the IT team to get it executed.

2. You have to implement row-level security in Power BI and tie your web application users to Power BI users.

3. With users coming and leaving an organization, it becomes a nightmare to manage.

4. Requires considerable investment.

5. You need to buy a premium capacity.

6. Not feasible for pro users.

7. Still users need to visit your web page and the information is not delivered to them.

Introduction to MSBI:

MSBI stands for “Microsoft Business Intelligence”, and this product is developed to provide ETL capabilities. The tool helps users visualize and organize multidimensional data sources and provides data extraction, transformation, and loading (ETL) features. Microsoft’s business intelligence tool also transforms raw data into insightful business data.

The Microsoft business intelligence tool can be divided into three categories:

1. SSIS, or SQL Server Integration Services: this tool is used for data integration.

2. SSAS, or SQL Server Analysis Services: this tool is used for data analysis.

3. SSRS, or SQL Server Reporting Services: this tool is used for reporting.


Features of MSBI:

The following are the key features of MSBI or Microsoft business intelligence tool:

1. This tool offers end-to-end single business solutions.

2. .NET and web services support MSBI.

3. Easy integration with .NET and SharePoint.

4. This is a Microsoft product.

5. Very easy to install and use.

6. Much lower price compared to others.

7. Graphical user interface-based business intelligence tool.

8. Supports multiple servers without performance loss.

9. Also supports SEMO warehousing operations.


Advantages of MSBI:

1. Offers easy data exploration and data visualization:

In a world of exploding data, this tool offers the ability to explore valuable data and also perform data visualization tasks to get better results. When compared with other business intelligence tools, I think this is an awesome tool in the data visualization process.

2. Acts as a managed self-service Business intelligence tool:

The Microsoft business intelligence tool provides effective self-service business intelligence. MSBI also works like Microsoft Excel, which everyone uses in their day-to-day activities to produce and report data analytics.

3. This tool makes use of Native MS excel features:

The MSBI tool makes use of Microsoft Excel features to the core in order to produce effective data analysis. By using Microsoft Excel features, it’s very easy to collect data from multiple data sources.

4. MSBI tool supports Web service applications:

MSBI tool works well with programming languages like .NET and SQL database servers to build an effective web service application and also offers abundant benefits to the clients.

5. End-to-end Business solutions:

MSBI provides you a great business solution for your organization and enables users to make effective business decisions. This tool offers entire top-to-bottom business solutions.

6. Data warehouse applications:

The business intelligence tool offers strong data analytics solutions. You can collect data for the warehouse from various sources. This type of warehousing is well suited to extracting information so that data analysis tasks can be carried out effectively.


Limitations of MSBI:

The below are the few disadvantages of using MSBI:

1. The MSBI tool is crowded with a lot of user interfaces, so users may get confused.

2. The tool's concepts are sometimes very difficult to understand and master.

3. Consists of rigid formulas.

4. Offers limited data handling in free versions.

Criteria used to compare between MSBI and Power BI tools:

When comparing these two tools, it can be hard to decide on what basis to perform the comparison. The criteria below are meant to help you select which ones matter most in your organization.

1. Definition

2. Advantages

3. Mechanism of working

4. User-friendly

5. Data handling capacity

6. Learning curve


Major differences between MSBI and Power BI:

Here are the major differences between MSBI and Power BI, based on these criteria:

1. Definition:

a. The MSBI tool helps integrate data processing components with a programming user interface. It can also help with testing and deploying data reports in the organization.

b. The Power BI tool is used to access a wide range of data analytics points to generate and analyze data reports. It is mostly used to turn unshaped data into structured, modeled data formats.


2. Working mechanism:

a. The MSBI tool is on-premises software that runs on its own server and equipment.

b. The Power BI tool, by contrast, is cloud-based application software, used to access data through the web browser.

3. Advantages:

a. This MSBI tool has a greater drill-down feature and offers high data access.

b. Whereas Power BI has a greater data visualization, and also offers high-level visual representation.

4. User Experience:

a. The MSBI tool is more difficult and more manual than Power BI, so users consider it their second option when it comes to report generation tasks.

b. Power BI has good graphical components, which gives it an edge over the MSBI tool. So it is a great tool to use when it comes to report generation.

5. Data Handling:

a. MSBI can handle semi-structured and structured data and helps users generate larger data reports.

b. Power BI is capable of handling both unstructured and semi-structured data.

6. Learning curve:

a. In the MSBI tool, all the code related to report generation is handled by developers.

b. Power BI consists of graphical features that fulfill the data visualization and report generation process, so non-programmers can also learn this tool.


Conclusion:

The main motive for using both MSBI and Power BI tools is to protect business data and offer data insights. These business intelligence tools are most widely used by business analysts, IT professionals, and data analysts. I think most of the top companies prefer to use the Power BI tool to offer an effective data visualization process; we can say that MSBI is a less popular tool. In this blog, we have differentiated the MSBI and Power BI tools on the basis of various criteria.
