Advanced Data Security Flaw Exposes 10,000 Legal Documents

A data security flaw found on Advanced Computer Software left 10,000 legal documents exposed, containing property transactions and personal information.

The online database containing all the sensitive details were scanned and uploaded by legal firms using the product of British software company Advanced.

Property transactions predated 2017 include massive sensitive information of homeowners. Aside from email addresses, the database contained passwords, parent’s names, passport numbers, and eye color.

Advanced Data Security Flaw

British tech company TurgenSec discovered the security flaw and contacted law firms regarding the exposed data. According to the company, leaving a security hole open to the public is serious and can cause potential impact ‘if the data fell into the wrong hands.’ 

TurgenSec also informed Advanced about the flaw, but the software company said most of the data exposed were ‘largely of public record.’

Security and Compliance director Justin Young said, “We discovered some exposed data on one of our historic software platforms and took immediate steps to address the issue, secure the data and make contact with the small number of affected customers.”

The ‘small number of affected customers’ spanned to 193 law firms. Each law firm has an indefinite number of clients, but in number, there are 10,000 documents exposed. While Advanced claimed that data exposed were public record, authentication information is a different concern.

With passwords and email addresses, it would be easier for hackers to access anyone’s account. The huge impact is dubbed high-risk, especially for the law firms and clients involved.

Data-Control Failure

Director Young cleared that exposed database only contained ‘very limited amount’ of information and passwords were secure in a hashed form. ‘None of the data is deemed sensitive or special category under current legislation. We have taken legal advice to verify our position,’ said Young.

However, according to a point person in the situation, Advanced has not yet informed the data incident to the Information Commissioner’s Office. This brings another issue whether Advanced is doing the right steps to attend to the situation and avoiding sanctions.

The company handles a massive list of clients, including the National Health Service and the British Gas. In its website, the software company claims, ‘Sourcing systems that offer optimum levels of protection is key’ in reference to criminals trying to target law firms.

The security flaw is the latest data-control issue that targets law firms in the United Kingdom. Despite acquiring more legal companies, Advanced failed to increase security on its database.