The recent leaked papers from the so called ‘leak of the century’ is not perpetrated by a sophisticated intelligence hacking operator. The hack and leak was waiting to happen. Mossack Fonseca believed that because they are offshore in Panama, that their systems are safe. Wrong. As long as your devices have an Ip address, it will be hacked in seconds.
The law firm either took their eyes off the ball or were economical with the truth. The did not employ an IT security professional to look after their clients details. We have since learned that the failed to apply all the security updates for it’s Outlook Web Access login since the spring of 2009. It has also failed to update it’s client login portal since before 2013. It’s website which was powered by the CMS, Drupal has not been updated since 2013, which would exposed the site to more than thirty vulnerabilities. Above all, there was no encrypted TLS security for the site since before 2013. An accident waiting to happen.