Having never heard of “The Dark Overlord” until coming across the name in the summary of a recent federal lawsuit filed against a Kansas City, MO law firm, I got a bit excited.
The Dark Overlord!—It had a ring to it suggestive of a “Star Wars” villain like Darth Vader or Darth Sidious, or perhaps a “Lord of the Rings” villain such as Sauron, the Balrog, or Wormtongue. Thus, I imagined that the litigation—Hiscox Insurance Co., et. Al v. Warden Grier (No. 4:20-cv-00237-NKL in the Eastern District of Missouri)—might offer a bit more excitement than the usual boilerplate found in such legal action.
Well, no Sith Lords, wizards, or fire dragons are referenced in the complaint, but The Dark Overlord is an international hacker organization that has gained notoriety through its cybercrime extortion tactics. This served to make the case more interesting than most and, upon further reading, raised some intriguing questions about dark web ediscovery.
Maybe The Dark Overlord Was Just Conducting a Little eDiscovery
The Dark Overlord apparently hacked Warden Grier’s computers in 2016 and stole data relating to the insurance company’s clients and attorney-client privileged information, among the trove of business dealings contained in its computers. The law firm contacted the FBI and hired its own law firm to investigate the breach, but reportedly ended up paying a ransom to the hacker group to keep the data private.
However, whether by accident or malfeasance some of that data ended up on the Dark Web, where it was inadvertently discovered by a Hiscox employee. The insurance company initiated its own forensic investigation and notified its clients of the breach, spending more than $1.5 million for the cleanup.
In its March 27th filing, Hiscox alleges that the law firm breached legal obligations under its retainer agreement, ethical obligations to protect client confidences, and negligence in not protecting client data. The lawsuit also accuses Warden Grier of failing to follow state law in notifying its clients about the breach, which in turn put Hiscox in legal jeopardy for its own failure to timely notify its clients of the breach.
What of Dark Web eDiscovery?
The case raises a number of interesting issues regarding data sharing and data breach cases, but the first questions that came to my mind were:
OK, so the last question cannot be taken literally, but, being a nefarious hotbed of criminal activity, one could surmise that the Dark Web utilizes some kind of villainous gatekeepers. Or perhaps not. Being “dark,” its denizens can easily slip deeper into the dark to evade intrusion. In fact, navigating the Dark Web may be the first hurdle in any ediscovery. Not only do you need specialized knowledge about how the Dark Web works, but you’ll need a Dark Web browser and search engine. Good luck finding those.
Fortunately, ediscovery tools continue to evolve and can be configured to conduct Dark Web investigations and collections. Whether you need standard ediscovery tools or need to do ediscovery battle in the Dark Web, learn more about the Lumix ediscovery platform today.