The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Suit Claims Attorneys Stole, Destroyed Data Before Joining Rival Firm

by Chris Brook on Wednesday February 17, 2021

Contact Us
Free Demo
Chat

A new lawsuit alleges four attorneys plotted their exit months before they left for a competing firm, then copied and destroyed corporate data.

Employees leave jobs and take sensitive data with them on their way out the door, no matter the industry. It's a trend that's been exacerbated by a handful of factors of late, the COVID-19 pandemic, an unsettled market, and uncertain times in general.

It happens in the legal world too; we learned this week that one law firm is suing another after four of its former attorneys jumped ship to a competing firm across town and reportedly took some of its data with them.

The case revolves around a St. Louis based firm, Armstrong Teasdale, that recently expanded to Wilmington, Delaware. Among the office's new hires? Four former partners of Elliott Greenleaf, a firm that also has an office in Wilmington. The complaint alleges that before leaving Elliott Greenleaf, the four - Shelley A. Kinsella, Jonathan M. Stemerman, Eric M. Sutty, and Rafael X. Zahralddin – plotted their exit, then copied and destroyed corporate data before abruptly leaving and joining Armstrong Teasdale.

The Wilmington office is poised to be Armstrong Teasdale's seventh new office in the last two years. While Elliott Greenleaf still lists a Wilmington office on its website, the firm said in its complaint that losing all of its lawyers effectively means it will be closing.

Per the lawsuit, the attorneys copied files on clients, correspondence, records and property to help make their move to Armstrong Teasdale easier but make it harder for their former firm to retain clients they'd been helping.

In November, Elliott Greenleaf claims Zahralddin used the firm's email to instruct an intern to download corporate template documents from Westlaw, the Thomson Reuters online legal research service, and save them to a Google Docs account he could access. The suit also alleges he used a personal USB device “in an unauthorized manner.”

"Upon information and belief, with this device he accessed and downloaded onto the device Firm client files and work product, to facilitate the Defendants' transition to new employment at Armstrong Teasdale,” the lawsuit reads.

He also forwarded company data outright, including emails and files related to work he performed for clients, to his personal iCloud in December, hoarding even more company data.

Sutty did the same, sending pleadings, correspondence, and court records, along with confidential internal firm records like client opening firms and conflict checks to an external Gmail account.

The lawsuit, which was filed in the Montgomery County, Pennsylvania, Court of Common Pleas on Feb. 5, hints that the attorneys had planned to leave back in October; they didn't inform Elliott Greenleaf about their plans to leave until December 28, announcing their resignation effective January 1. Armstrong Teasdale announced they'd joined the firm on January 4, as reported by Delaware Business Now.

It wasn’t just forwarded emails and USB sticks; in December, the attorneys arranged to have 288 pounds of paper files from the firm's Wilmington office shredded, a bill the firm was left to pay. The attorneys even arranged to have the office's furniture and other contents moved and placed into storage.

While the attorneys were aware of their professional obligations to the firm – Elliott Greenleaf’s files and data were company property, as were the computers by which they stole the data – they denied any wrongdoing.

The fact that the attorneys were all working from home and not in the office sounds like it made it easier for them to make off with the firm’s data.

Maryann Millis, a paralegal who worked out of the Wilmington office, also named in the suit, concealed her plans to leave the company until the very end, accessed the firm's systems remotely, emailing records from her work email account to her personal email on December 30.

It wasn't until the evening of January 4, following days of copying data and after she too had accepted a job at Armstrong Teasdale, that Millis informed the firm she was resigning too.

The attorneys may have done more than just email themselves documents. In addition to Google Drive, a review uncovered cloud-sharing apps like Dropbox, Box, and OneDrive on many of their company laptops too.

According to the complaint, the four attempted to conceal their activity throughout by “double deleting” emails, both from their inboxes, then from their “deleted email” folders, as if to delete them permanently. That didn’t hide the evidence of their misdoing however, the firm was able to determine the attorneys had deleted emails using their backup systems, although it’s not clear just what kind of visibility they had.

By misusing the company's computer and email systems, not to mention using cloud-based storage accounts and hardware, the ex-employees violated policies put in place by their employer. Judging by the complaint, there weren’t solutions in place to prevent the theft of firm data and records, nor was there a way to alert the firm of their soon to be ex-employees' malicious actions in real time. Nothing stopped them from doing it outright, meaning by the time the firm noticed, it was too late.

It's the second story involving stolen files at a law firm to surface this month.

Jones Day, a firm with several high-profile clients, including former President Donald Trump, was apparently targeted in a ransomware attack earlier this month. The Clop ransomware gang claimed to have hit and subsequently leaked data from the firm this week. The firm disputed that its network was breached in a comment made to the Wall Street Journal and instead said that a file-sharing company that used was recently compromised and had information taken.

Tags: Data Theft, Insider Threat

Recommended Resources


  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • How to simplify the classification process
  • Why classification is important to your firm's security
  • How automation can expedite data classification

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.