Security · 1h ago
Law Firm's Single Admin Password Exposed All Client Data
A law firm required all employees to share one admin password, granting full access to any account. The policy, revealed by a former IT staffer, meant anyone with the password could impersonate any user and view all client files. The firm has not commented on the security lapse.
Meridian48 take
This is a textbook case of security theater—a single password undermines all other controls, and the firm's silence suggests it may not have learned the lesson yet.
password-securitydata-breach