On Tuesday, a co-founder of Mossack Fonseca, the Panamanian firm that experienced a massive breach of 11.5 million documents that revealed the practices the firm employed to help its ultra high-net-worth clients and family offices shield assets from taxation.
The firm's co-founder Ramon Fonseca told Reuters that the firm filed complaints with the Attorney General's office in Panama. “We rule out an inside job. This is not a leak. This is a hack,” he said on Tuesday.
In a separate interview, Fonseca told the Associated Press that the firm, a specialist in helping the ultra-wealthy set up offshore companies, was hacked from Europe.
The volume of data in the files, referred to as the Panama Papers, has created a stir in the information security industry. “Traditional security monitoring systems should have caught something that big,” wrote Inspired eLearning cyber security advisor Tyler Cohen Wood, in an email to SCMagazine.com. “In my opinion, this was either an inside job or they didn't implement proper security measures to detect that activity.”
A consultant at Nuix told AP his firm assisted the journalism group that published the documents. Carl Barron, a senior consultant at the digital forensics firm, said the firm used reduplication to cut down on the size of the cache by 30 percent. It took several weeks to process the documents, he said.
The release of these documents has prompted a more nuanced dialogue involving encryption technologies than the heated arguments voiced during the FBI-Apple legal showdown. On Tuesday, the FBI's chief information security officer Arlette Hart reportedly commented, “Your footprint is bigger than you know”. She warned individuals to be careful handing over data to other parties.
“I believe that this incident should promote dialogue about the importance of encryption and privacy,” said Cohen Wood, via email. “It should act as a point of emphasis that a comprehensive, up-to-date security awareness program, including encrypting sensitive information and ensuring that access is granted only to authorized individuals, is essential to any enterprise.