I was out of town last week so I just spent my Monday un-bleeding all of my security settings. Thanks Internet.
Mashable has been keeping an excellent scorecard of what's been affected by the Heartbleed leak. But do you think your lawyer reads Mashable? If you have an "experienced" lawyer, he probably thinks Heartbleed is a new side effect of his Cialis prescription. It's probably worth it to call your attorney to make sure your client details aren't sitting in firm-wide Dropbox that's waiting for an assistant to give it a new password.
And, you should probably tell you attorney to check the following sites for Heartbleed exposure: they're not on the Mashable list, but lots of lawyers use them...
Lawyers put your documents full of your sensitive information into things like Dropbox (and Box) all the time. So make sure you check with them, especially if you have an active matter where you are sending your attorney a lot of information.
But lawyers use some other file-sharing and case management tools that have also been effective by this OpenSSL meltdown. Robert Ambrogi's LawSites has done a great job compiling a list of potentially vulnerable programs:
Among legal sites, here are some that I have confirmed did use OpenSSL:
- Mootus. Mootus says it has no reason to believe any data was compromised. It took immediate steps to patch the bug and install a new SSL certificate.
- Estate Map. Immediate action was taken to patch the bug and reissue its SSL certificates, among other actions. (But see my Saturday post about Estate Map shutting down.)
- MyCase. "We responded immediately and notified out customers virtually immediately as well, I think quicker than any other company I have seen," CEO Matt Spiegel told me. They had patched the software and reissued their SSL certificate with 24 hours.
- Clio. Clio posted a notice on its site saying that it "worked tirelessly to patch and secure all systems affected by the Heartbleed bug" and that it has "no evidence that customer information was compromised."
Other popular programs, like LexisNexis Firm Manager, don't appear to be affected.
If you use a lawyer, it's your lawyer's responsibility to protect the confidential information you share. But don't just assume your attorneys know what they are doing. People who get into law are not renown for their tech savvy skills.
Your lawyer works for you. Pick up the phone and give them a call if you're worried that your information is exposed.