Major U.S. law firms have become more vigilant in recent years about the risks of cyberattacks, but the revelation this week of a major hacking incident on two New York firms are a reminder that the industry remains vulnerable.

The Manhattan U.S. attorney’s office unsealed a criminal indictment Tuesday against three Chinese men accused of using stolen law-firm employee credentials to access troves of internal emails at two law firms. The men, according to prosecutors, used details they obtained in law-firm partner emails about pending deals to make more than $4 million in illegal stock trades.

While the indictment didn’t name the firms, The Wall Street Journal previously reported that prosecutors were investigating a hacking incident at Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP. Details in Tuesday’s indictment indicate those two were the firms in question.

Source: Cyberattack Exposes Law Firms’ Weak Spots