Lawyer Hackers: Profiting on Client Data Breach Negligence by Scamming IT Support Firms
The country is still raw. The assassination of Charlie Kirk at a Utah University this month shook politics and media alike — a brutal reminder that today’s headlines bleed into every corner of life, including the quiet, technical world of managed IT services.
But while the nation mourns and debates motives, another kind of violence is being carried out in boardrooms and inboxes: business assassinations by lawyers who have learned how to weaponize fear, ignorance, and the chaos that follows a data breach. Think of it as a legal thriller written in e-mails and demand letters — a John Grisham courtroom scene.
This isn’t a conspiracy theory. It’s a playbook — and it’s working.
New Ambulance Chasers
Once upon a time, “ambulance chasers” were caricatures: greasy, opportunistic lawyers waiting at crash scenes. Now they’re more sophisticated — calling themselves “privacy counsel,” “cybersecurity litigators,” or “data protection specialists.” They monitor public breach notices, scrape state attorney general lists, and watch the directories where incidents are posted. When a company, client, or MSP (Managed Service Provider) shows up in those lists, the script begins.
Here’s the story you’ll hear in courtroom-adjacent bars and break rooms: a client’s data was “exfiltrated” or money inadvertently wired to parties unknown. The MSP failed to protect the client (even though most breaches are human error and most wire transfers are done over the phone). The damages are massive. The demand: millions. Insurance companies and MSPs cough up settlements. The lawyers and their expert witnesses bill and get paid. The client, angry and embarrassed, accepts a settlement to “move on.” The MSP — often the smaller party — is left to bleed cash or go bankrupt.
It’s a profitable ecosystem for those who know how to sell righteousness and victimhood to the folks who make colossally dumb mistakes using a computer.
Employers are solely responsible for the computer use of their staff and 99% of data breaches are human error.
How the Scam Looks (From the Outside)
WARNING: I’m not writing a how-to — I’m outlining what victims report so the public and authorities can recognize and begin to stop it. The pattern repeats:
- A client clicks a phishing link, wires money to the wrong account, or emails unencrypted personally identifiable information. Human error starts the cascade.
- A breach shows up on a state or federal and insurance or other lists. A law firm with a flair for timing sends a demand letter to the MSP, alleging negligence and claiming millions in damages.
- The law firm retains “experts” — usually ex-technical types who are paid to produce a dramatic, simplified report with a supposed timeline that points blame at the MSP and glosses over the client’s negligent actions.
- Litigation begins. Discovery is expensive. The MSP — facing ruin — often settles rather than fight, even with solid contracts and logs or reports that prove they followed the required procedures.
The nastiest part? The plaintiff’s team often leans into the performance: the nerdy expert who with a pocket-protector and coke-bottle glasses, the lawyer who plays “just a small-town bumpkin” who is hard of hearing in depositions, and the narrative that the MSP was the ONLY line of defense between the client and catastrophe.
That story sells to judges. It terrifies boards. And money changes hands.
When Technical Evidence Meets Legal Theater
Here’s where the story gets juicy: the MSP usually has the real evidence. Network logs. Incident response reports. Contracts that define responsibilities. Forensics showing the initial vector — often human error, not a “failed firewall.” Yet in courtroom theater, technical reports read like poetry in another language to judges, juries, and even many attorneys. Complexity is a weapon.
Plaintiff lawyers bet on this cognitive gap. They present an authoritative-sounding expert who points to a “failure” without providing the raw artifacts, chain of custody, or testable methods. They demand a lot. They settle for less.
If you’re an MSP, that’s a nightmare. If you’re a client, it’s a cautionary tale: your own mistakes can cost you far more than your initial blunder.
MFA — Keep It Simple
Let’s pause for a security note for MSPs and business owners because this is where half of the problems begin: authentication. You’ll hear the term MFA — Multifactor Authentication — and people’s eyes glaze over. Here’s how to explain it:
MFA is just password protection.
Tell clients: treat MFA like turning on the alarm system for your online accounts. Neither ignorance nor apathy are ever a valid legal defense. If clients refuse MFA, that refusal becomes a liability in court and in the insurance room. MFA is NOT a click of a button to implement, and clients must authorize enabling MFA as they will need assistance logging in the first time.
Fraudulent Expert Play
Watch for this red flag: an expert report that offers dramatic conclusions but no evidentiary trail. No preserved hard drives. No retained logs. No reproducible methods or timeline showing the attacker’s method. Instead, you get a confident narrative and a declaration of “industry standard” failure. That narrative is designed to mislead.
A savvy MSP documents everything during and after an incident: what was preserved, what was remediated, who authorized what, and timestamps for every step. That paper (or, more accurately, log) is your lifeline. Unfortunately, since the matter involves technology, unscrupulous plaintiff lawyers will simply make up a story – essentially testifying for their client which the defense rarely objects as facts not presented in evidence.
“They (MSP) were getting worried and finally scrambled to do something” will be the exclaim when Incident Response with any required remediation is standard practice for a data breach.
Contracts, Insurance, and Countersuits
Here’s the blunt truth: if you’re an MSP, you should absolutely counsel your clients about risk. You support them but can’t protect them from themselves on a computer. Insurance carriers and legal teams will often tell you that countersuing is unseemly or expensive. They’re not wrong — it is expensive. But there are times when a countersuit is the right move: to stop frivolous claims, to protect your reputation, and to push back against fraudulent litigation strategies.
Make sure your contracts are clean, that your master agreements define the scope of responsibility, and that you maintain a documented incident response plan that’s executed to the letter. If the client’s errors caused the breach — and your logs show that — that’s a defense, not a narrative you surrender.
Human Cost
All of this sounds transactional, but there’s another layer: karma. People who think they can bilk insurance or extort settlements from MSPs don’t always run free forever. The modern world keeps records, and the people you hurt can fight back in ways both legal and not. The same tools used to scare companies into settlements — forensic investigators, cyber response teams — can also, in other ways, rip apart arrogant empires. Payback is not poetic; it’s practical. The digital footprints you leave are long and reckless habits with everyone you interact make you a justified mark.
I’m not advocating vigilantism. I’m reminding you that in the connected world, the social and financial cost of predatory behavior compounds over time.
What MSPs Should Do Right Now
- Document everything. Make frequent disclosures in writing for any and all business and technology risk on websites, blogs, webcasts, books, and advisories. Preserve logs, chain of custody, incident reports, and communications. If it happened, log it. If you told the client to enable MFA and they refused, document that refusal.
- Clarify contracts and liability. Make responsibilities explicit. MSPs should avoid vague language that leaves them open to creative theories of negligence.
- Train clients on phishing, MFA, and basic hygiene weekly. The weakest link is almost always human. Make cyber hygiene a business conversation, not a technical sermon.
- Keep incident response playbooks ready. Speed matters, but so does method. Use reputable vendors for forensics and retain them immediately when an incident occurs.
- Talk to your insurance carrier early. Your clients should have their own Cyber Liability Insurance since yours cannot cover them.
- Consider legal posture. If you’re being targeted by opportunistic counsel, your best defense might be aggressive documentation plus selective counterclaims – including notice to corporation commissions and state licensure boards.
A Final Word — Ethics, Reputation, and the Long Game
Lawyers are officers of the court. Experts are supposed to be sworn to truth. When either side weaponizes fear and performs for settlements, the system fails. The real victims are the clients, small businesses, and the public trust in technical experts and attorneys.
This is more than a legal or technical problem. It’s a moral one. If you’re a lawyer considering this route — the one that skirts truth and trades on known fraud — ask yourself what kind of legacy you want. If you’re an MSP, remember that your real product is trust. Protect it like your last asset.
We live in an era of fast headlines and viral outrage, where an assassination in Utah can shake the nation and a cleverly worded demand letter can rattle a small business into bankruptcy. The good news is that truth scales: logs don’t lie, contracts matter, and a well-documented response will win more battles than theatrics ever will.
If you run an MSP, treat this moment like both a warning and an opportunity. Harden your clients, document every conversation, and be willing to stand and fight when fraud comes knocking. For everyone else watching this unfold — keep your passwords tight, use MFA like a second lock, and don’t let ignorance and arrogance be the currency that funds someone else’s payday.
Because in the end, the people who profit off other people’s pain rarely stay anonymous forever. The ledger of history — and of the internet — is long. And it keeps receipts.
