Confidential company data leaked on law firm’s unsecured cloud server

TechCrunch reports that an unsecured Microsoft Azure cloud server at New York-based law firm Proskauer Rose left sensitive client data related to the company's merger and acquisitions business exposed for more than six months. The exposed data set comprised a total of 184,000 files including private and privileged financial and legal documents, non-disclosure agreements, financial deals, contracts, and files associated with high-profile acquisitions, which any individual could have accessed via a web browser if they knew where to look. GrayHatWarfare reported on the exposure through its database, and Proskauer has addressed the incident but has not yet informed its clients. A representative for Proskauer said the company had recently been made aware that "an outside vendor that we retained to create an information portal on a third-party cloud-based storage platform had not properly secured it," but declined to name the vendor. "Our IT security team immediately took steps to reconfigure the site and secure its data," the company said.