Watson, Farley & Williams has rushed to remove a video from YouTube which exposed confidential client and partner information.
The five and a half minute video showed someone with administrator-level access moving around the shipping specialist's website demonstrating various features.
Three minutes in, the cursor opens a 'Business Development' section which reveals a list of 'Deals' and a list of 'Pitches'. Several matters are shown, two of which are labelled explicitly as 'Confidential'.
Not to give too much away, but lots of those redacted deals concerned boat stuff.
The tour then turns to WFW's billing system. In doing so, it reveals the identity of WFW clients and the matters on which the firm was working. Details of clients' invoices are also shown, and their balances on client account.
Clients, matters, monies, all set out clearly. Looks like a great system!
The footage has been available for anyone to see for two years. It was uploaded in 2017 by an employee of Aderant, a US IT business which claims to be "Reimagining law firm success".
"Just gonna upload it like...that. Bingo."
Steve McHargue, a 'Senior Solutions Architect' at Aderant on whose YouTube channel the video was posted, describes himself as a 'portal evangelist'. Luckily for WFW his congregation is very small and in two years Aderant's blooper reel garnered only 17 views.
Which is just as well, because at least two partners have the right to be absolutely livid about the breach.
The final third of the video takes viewers on a spin around pages showing WFW lawyers' utilisation rates. Two named WFW partners are used as examples, with the operator revealing screens that show that their performances were below average compared to the rest of the maritime team, as well as compared to the London office and the firm as a whole.
The humiliating information even includes the amount of sick leave they took, along with their remaining holiday entitlement. About the only detail Aderant didn't reveal was their pay.
Billings up over last year, at least.
The video was deleted from YouTube within hours of RollOnFriday alerting WFW.
In a statement the firm said McHargue intended to share the video privately for an internal training scheme, but inadvertently posted it on a public site. He is said to be "mortified" by the slip.
The firm said Aderant did not have WFW's permission to create the video. It said it took data breaches "very seriously" and was "concurrently conducting our own investigations including, among other things, action on the part of the supplier".
WFW warned "third parties" that the information contained in the video "is confidential and should not be disseminated" and that "the video or any parts of it should be deleted”. An important message to send, albeit two years ago.
Jesus. What an embarrassment. WFW’s management need to go round and wake up whoever does the firm’s social media/media screening as they’ve obviously been asleep for two years! This should have been picked up long ago. The upside is that there were only a handful of views over the period so no real damage done but shows the level of interest in WFW on YouTube. Cats playing with silver balls or people slipping on icy pavements will always be more entertaining.
Does wfw have a GC? If so, then he/she needs to investigate why this footage was available for so long undetected. My firm regularly screens media and social media for references to the firm as part of its risk strategy.
They need to do more checks of what is up about them on the internet. Also I donm't think all contractors realise the professional duties on solicitors even not to name a client without permission.
They need to check if anyone has copied it anywhere else too.
"Wake up whoever does the firm's social media/media screening..."
Perhaps just hire people who are actually qualified and competent in those areas.
I don’t think it’s a firm’s social media team’s responsibility to do ‘media screening’ to the extent of hunting down vids some eejit in Texas has accidentally put on YouTube. It wasn’t their fault, it was the contractor’s.
How is it remotely possible that this went unchecked for nearly two years on a public media forum? As a GC I want my confidential information that my lawyers hold to be just that (we aren’t a client of WFW). I’m responsible for risk strategies in my business and our risk policies include daily searches on media and social media and monthly deep-digs to identify anything adverse to the business. Don’t all law firms do the same? This instance doesn’t come across as malicious but regular screening will catch mistakes but more importantly malicious attacks. WFW should be grateful to ROF for highlighting this as it could have been so much worse. I will definitely be asking my panel firms what their risk policies are with regard to this type of incident.
Anonymous at 04 October 9:07
Media screening is a service you pay for. All organisations concerned about risk and reputation use media screening services to "hunt down" this type of thing, It would involve WFW investing money in tech...something they obviously don't do now.
In-Houser @ 09.21
Absolutely on point. All of my clients carry out screening in this way and so does my firm. Clients take this topic very seriously, especially those clients involved in media-sensitive sectors such as energy, commodities, and extractives.
Maybe WFW needs to wake up their risk management people as well?
WFW doesn't do risk management or tech. Way behind the times!
Was the video labelled "WFW's intranet" or something similar? If not, wouldn't it be almost impossible for the social media team or risk management to find? Short of going down a three month youtube rabbit hole. Or am I a luddite?
The QC commenting earlier should probably get in touch with Aderant. I expect a law suit is coming its way in which it might need representation.
God I hated aderant- terrible system.
What is concerning is the number of dislikes on the various comments above. The comments are on the whole sensible and pragmatic, and reflect general risk management thinking that most companies (and hopefully law firms) follow; why would anyone dislike them. Hopefully it is just people trolling and not members of WFW management trying to neutralise the comments; that would be even more of a concern about the firm’s attitude to risk.
Good comment Cautious Karpov. LOL.
i see the number of dislikes are creeping up. That’s just because they’re rattled. Chickens always come home to roost and the truth always comes out.
Cautious Karpov’s and The enforcer’s comments are a bit harsh. Yes, it is true to say that it should have been picked up long before now (probably the day it was posted on YouTube or within 24 hours) and that the firm’s management should have had procedures in place to screen the media, and this episode may well have repercussions; but let’s remember that it wasn’t the firm’s fault that the video was on YouTube, hardly anyone has seen it, and the information that may have been shown was probably of limited use to anyone who would have been using YouTube. In my view there’s little damage done because of the original posting and wfw has had a wake up call to sort it’s media screening and media risk processes out. ROF has done WFW a favour.
If I was one of the partners whose confidential information was on that YouTube video and it is established that the firm had no adequate risk process in place for media screening then I would be livid and would be expecting the MP/COLP to resign.