While any major hack can reflect poorly on even the most trusted businesses, the release of the Panama Papers from the law firm and corporate service provider Mossack Fonseca created a disaster for the firm and led to a widespread investigation on the part of the Panamanian, Peruvian, and Salvadorian police. In addition to the questionable business practices revealed through the data breach, the hack showcased multiple vulnerabilities within the company’s email server, which was using poor, outdated versions of key security tools.
A massive data breach
On April 3, 2016, the German newspaper Süddeutsche Zeitung (SZ) revealed that 11.5 million confidential documents from Mossack Fonseca had been leaked. These documents would later be dubbed the Panama Papers; they dated back to 1970 and revealed that a number of the firm’s clients hid billions of dollars in tax havens. The data was so extensive that SZ required the help of the International Consortium of Investigative Journalists to sort through the confidential documents. The breach occurred primarily through compromised email servers, which contained emails, database formats, PDFs, images, and text documents.
Questionable business practices
In many corporate data breaches, those who suffer most are individual clients. In the case of Mossack Fonseca, the clients whose information was leaked were large corporations themselves, and they had participated in compromising activities that launched an investigation of Mossack Fonseca and its clients. The company defended its actions and those of its clients by stating that the responsibility for potential legal violations lay with other institutions.