Last week, the Fifth Circuit upheld the conviction and sentencing of Anastasio Laoutaris, who was accused of hacking into the computers of an Am Law 100 firm resulting in over a million dollars’ worth of damage. In 2016, Laoutaris was sentenced to 115 months imprisonment and ordered to pay $1,697,800 in restitution for two violations of the Computer Fraud and Abuse Act that shut down hundreds of computers and accounts at Locke Lord LLP.
But Laoutaris wasn’t your made-for-TV hacker: He was no anarchist computer-whiz teenager, no member of a Russian cyber-extortion collective, no government-backed computer espionage expert. He was a Senior Systems Engineer who had spent five years with the firm before he was accused of high-tech and extremely expensive corporate sabotage.
Laoutaris’s story reminds us that, for all the focus on malicious outsiders, some of the greatest threats to law firm data security come from within the firm itself.