Industry News

Managing Partners on Notice: You could be the next Mossack Fonseca

Information Security Audit - Don't become the next Mossack Fonseca

By now you will have heard of the Panama Papers, the massive set of 11.5 million documents that was stolen from the law firm, Mossack Fonseca in Panama that details the work they’ve been doing for clients of all types.

The firm certainly seems to have been comfortable working in an ethically questionable fashion, but has never been charged with a crime.  So at this stage, many law and accounting firms across Australia must be feeling a pang of empathy for them.

If you’re the Managing Partner or Practice Manager of a law or accounting firm the key question you should be asking yourself is, how did it happen? What vulnerability was exploited in order for 2.6 terabytes of data to be stolen?

The company says it was an external breach. But the recipients of the file, the German journalists Frederik Obermaier and Bastian Obermayer say an individual contacted them in fear for his or her life but determined to expose what he/she felt was a shady business. That sounds like an internal exploit.

2.6 terabytes is an enormous amount of data. It is extremely hard to move that amount of data either internally or externally without triggering alarms IF the company is properly prepared to detect it.

And that’s the key. Mossack Fonseca now says it will bring in an external consultant to determine exactly how the breach occurred.  But that’s just marketing, trying to reassure clients that it won’t happen again.  If they had obtained regular, professional information security audits and maintained systems that were alert to unauthorised file access and data movement, you probably wouldn’t know their name and they certainly wouldn’t be losing tens of millions of dollars in future revenue this week.

One of the founders of Mossack Fonseca, Ramon Fonseca Mora, expressed surprise and anger at the leak because most of the work they do is at the bounds of ethicality, but still legal. Yet his clients don’t care about the distinction – they pay for privacy and confidentiality, and that’s anything but what they’re currently experiencing.

How many of your clients would you lose if the perfectly legal work you do for them became exposed, simply because it was clear your firm couldn’t be trusted to hold their data safe?

What vulnerabilities are in your network, your applications and your processes? How will you be exploited? How can you mitigate or manage the threat of Data leakage, track where your data goes and who is looking at it?

If you don’t know, you really do need an information security audit from a company that specialises in protecting your secrets. Contact us for a discussion on what is involved.

James Walker


Our Address


1300 667 871 or +61 7 3220 0352

Brisbane Office

Level 5, 488 Queen Street, Brisbane, QLD 4000

Sydney Office

Level 21, 133 Castlereigh Street, Sydney, NSW 2000

Melbourne Office

Level 28, 303 Collins Street, Melbourne, VIC 3000

Our Services

Industry Expertise