The lawyers at the center of a scandal surrounding the release of data pertaining to the use of offshore accounts by the rich and famous have claimed that the data was obtained in a hack.

If you’ve missed the story so far (and it would be hard to), the so-called “Panama Papers” are a staggering 2.6 terabytes of data from Panama City law firm Mossack Fonseca which includes information on the use of offshore companies by the likes of Vladimir Putin, now former Iceland Prime Minister David Gunnlaugsson, the father of British Prime Minister David Cameron, and countless other politicians, bureaucrats, leading businessmen and businesses, and celebrities.

It should be noted that the use of such entities doesn’t necessarily mean that anyone involved has broken any laws, but in a political environment typified by the likes of Bernie Sanders and a hatred of the so-called 1 percent, a media witch hunt is in full swing.

Mossack Fonseca Founding Partner Ramon Fonseca told Reuters that the firm had broken no laws and that all its operations were legal, and nor had it ever destroyed any documents or helped anyone evade taxes or launder money.

“We rule out an inside job. This is not a leak. This is a hack …We have a theory and we are following it,” Fonseca said.

“We have already made the relevant complaints to the Attorney General’s office, and there is a government institution studying the issue.”

Mystery hack

According to a report in the Spanish press (link in Spanish), the hacker accessed the documents by breaching Mossack Fonseca’s e-mail server, although by what method simply isn’t clear at this point.

Sophos Group PLC security proselytiser Paul Ducklin speculates on the method possibly used, saying:

Given the scale of the breach, it certainly sounds as though there was more involved than just finding a password or tricking a user into opening a booby-trapped attachment.

Presumably, the hackers needed to get in, find their way around, figure out what data was stored where, work out how to access it, and then find a way to collect and exfiltrate it.

Mossack Fonseca for its part is said to have taken necessary measures to prevent a hack from happening again by taking additional measures to further strengthen its systems, although in this case the horse has already bolted from the stable.

Whether you think the data being made public in this case is justified because it has a public interest, it should be noted that we are talking about stolen data here, data about private individuals, and there’s more than a touch of hypocrisy in the gleeful way the story is being reported while if the data breach was of say medical, financial of other types of data from the rest of the population the theft would be condemned by the media.

The last word should be left to Ramon Fonseca, who added to Reuters “The only crime that has been proven is the hack … No one is talking about that. That is the story.”

Image credit: danielsgray/Flickr/CC by 2.0