Caroline Morgan featured in an article by InformationWeek: Payroll Provider Zellis Falls Prey to MOVEit Transfer Breach

Culhane Meadows’ New York partner Caroline Morgan was recently quoted in an article for InformationWeek which discusses data breaches at third-party vendors.

Here are a few excerpts from the article:

Hackers exploited a zero-day vulnerability, hitting Zellis and some of its customers. How can customers respond, and how should enterprises manage third-party risk?

Zellis, a payroll provider serving the UK and Ireland, and some of its customers have been impacted by the exploitation of a zero-day vulnerability in the file transfer tool MOVEit. Microsoft security researchers have attributed the attack to Lace Tempest, a group affiliated with Clop ransomware. The group responsible has posted a warning to the impacted companies on the dark web: Get in touch by June 14 or the stolen employee data will be published, BBC News reports.

How can Zellis customers respond, and what can other enterprises do to manage their third-party risk?

The impacted companies will also need to take steps to protect their employees. “If a company suspects that its employee data could be compromised, the organization should immediately inform its employees because they are the eyes of the company and can provide valuable information concerning suspicious activity,” says Caroline Morgan, privacy and data security attorney and partner at full-service law firm Culhane Meadows.

In an emailed statement, British Airways noted that it has “notified those colleagues whose personal information has been compromised to provide support and advice.”

Third-party vendors are a vital consideration for companies’ risk management strategies. Morgan recommends reviewing third-party contracts to ensure vendors have appropriate security standards. “Familiarize yourself with indemnity clauses and applicable exceptions,” she says. “If your contracts do not contain the clauses you need or you want to beef up what you have, seek an amendment or consider a more robust vendor.”

But managing third-party risk doesn’t necessarily end with a strong contract. “Although it can be tempting to kick back and let your vendor be in the driver’s seat, staying active within your industry to learn what other companies are experiencing and doing to combat threats, and staying vigilant by monitoring for unauthorized access and atypical downloads, is worth the investment of time,” says Morgan.

Although rigorous due diligence can reduce third-party risk, Ghose notes that “… zero-day flaws are notoriously hard to detect because, by definition, they are novel.”

Read the entire article HERE.


About Culhane Meadows
Big Law for the New Economy®
The largest woman-owned national full-service business law firm in the U.S., Culhane Meadows fields over 70 partners in eleven major markets across the country. Uniquely structured, the firm’s Disruptive Law® business model gives attorneys greater work-life flexibility while delivering outstanding, partner-level legal services to major corporations and emerging companies across industry sectors more efficiently and cost-effectively than conventional law firms. Clients enjoy exceptional and highly-efficient legal services provided exclusively by partner-level attorneys with significant experience and training from large law firms or in-house legal departments of respected corporations. U.S. News & World Report has named Culhane Meadows among the country’s “Best Law Firms” in its 2014 through 2023 rankings and many of the firm’s partners are regularly recognized in Chambers, Super Lawyers, Best Lawyers and Martindale-Hubbell Peer Reviews.


The foregoing content is for informational purposes only and should not be relied upon as legal advice. Federal, state, and local laws can change rapidly and, therefore, this content may become obsolete or outdated. Please consult with an attorney of your choice to ensure you obtain the most current and accurate counsel about your particular situation.