Recent Increase in Cybersecurity Threats and Your Reporting Obligations
In the last few weeks, the Law Society has received reports of law firms being hacked and cybercriminals gaining access to client files. Cybercriminals use social engineering techniques to gain access to a lawyer’s data, disguising themselves as a trusted person or organization. Lawyers are high value targets for cybercriminals, and this is a reminder to be suspicious of unexpected emails, phone calls, calendar invitations or other electronic communications.
You should also be aware of your obligations in the event that a breach occurs. Depending on the circumstances, you may be required to report a breach to your client, Alberta Lawyers Indemnity Association (ALIA), another insurer, the Office of the Information and Privacy Commissioner of Alberta (OIPC), and the Law Society’s Trust Safety department.
Resources
Our Privacy Breached: Now What? resource can help you better understand your reporting obligations. Our March 2025 article on Cybersecurity Threats: Recent Instances of Trust Account Theft includes proactive measures to mitigate the risks of evolving digital threats.
If you are unsure whether to report an incident, contact one of the Practice Advisors for confidential guidance.