Following a ransomware attack that took down the company’s servers for nearly a month and then layoffs resulting from the coronavirus pandemic, the chief executive officer of Epiq Global said he is proud of how the company handled these incidents and that he expects the company to bounce back to where it was.
In an interview last Friday, CEO David C. Dobson spoke publicly for the first time about the incidents, saying he wanted to make sure the public had the facts.
“I’m very proud of how we handled these events,” Dobson said. “Handling one event is darn difficult. Handling two is almost incredible. I think – no, I don’t think – we have responded incredibly well based on the feedback from our customers, our owners and our employees. All three of those constituents have said they’re so proud of what we’ve done.”
On March 2, this blog broke the news that Epiq had shut down its servers worldwide after discovering what was later revealed to be a ransomware attack. Later, this blog also broke the news that the company had laid off some 200 employees.
Dobson took issue with some of my reporting about those incidents, disagreeing with my report that some customers were kept in the dark about the ransomware attack and disputing another report suggesting that he misled employees about the possibility of layoffs.
Previously, the company had not responded to my requests for comment about the layoffs. The company did respond in early March when I reached out for information about the ransomware attack and shutdown of its servers.
Background on the Company
Before we discussed specifics of the ransomware attack and layoffs, Dobson provided an overview of the company and himself.
Epiq as it now exists was formed in 2016 out of the combination of Epiq Systems and DTI, rebranding as Epiq in January 2018. Privately owned by two private-equity firms, OMERS Private Equity and Harvest Partners, it is a roughly $1 billion business with 6,000 employees worldwide and about the same number of customers.
The company is organized in three business units:
- Legal Solutions accounts for half the company’s business. This encompasses services such as data collection, forensics, information governance, data processing, document review, and data hosting.
- Class Action Remediation and Restructuring is 30% of the business. This encompasses administration of class actions, mass torts and bankruptcies. Dobson said Epiq is the largest business of this kind in the world.
- Global Business Transformation Solutions makes up the remaining 20% of Epiq’s business. This is focused on outsourced services to large law firms such as e-discovery managed services, information technology management, records management, document production and secretarial support.
Dobson joined Epiq as CEO in January 2019, succeeding John Davenport Jr., DTI’s founder and former CEO. Although new to the legal industry, Dobson had spent his entire career in technology, including 20 years at IBM and stints as the CEO of both Corel Corporation and Digital River.
As the company entered 2020, Dobson told me, it had seen steady growth and had a strong plan for continuing that growth across all its businesses.
The Ransomware Attack
On Monday, March 2, this blog broke the news that Epiq had taken its systems offline globally after detecting unauthorized activity.
Dobson told me that he was first notified at 2 a.m. Eastern time on Saturday, Feb. 29, when the company’s CIO Carlos Gonzalez – who had just joined the company in November – called to tell him that they had detected nefarious activity in their networks.
The company acted quickly to take down its systems worldwide in order to protect client data, Dobson said, and by 9 a.m. Saturday morning, it had engaged IBM security specialists to address the intrusion and help securely bring its systems back online.
“As a result of putting into place our protocols for how we dealt with this, we were able to protect all of our clients’ information – no data was exfiltrated from our facilities,” Dobson said. “The real pain for us and our clients was that it took between 12 and 21 days to restore our systems back to where they were.”
Twelve days after the incident, Epiq began bringing some of its systems back online, but it was not until March 26 that the company was finally able to get all its systems restored.
The reason it took that long, he said, “was primarily because we did not take any shortcuts in making sure that we had no compromises to our clients’ data and made sure that we emerged from this even stronger as far as making sure that access to our systems was highly secure.”
He declined comment on whether the company paid any ransom.
My initial report said that a customer had expressed frustration over the situation to me, saying they were facing e-discovery deadlines but were unable to reach their data.
Dobson took issue with any suggestion that Epiq was not transparent with its customers throughout this time. The company immediately mobilized a crisis-management team that communicated with customers every day, he said, and it prepared FAQs to address their questions, which were updated daily as new information came in.
“We communicated very aggressively with our clients, at least once a day, sometimes twice a day. I personally was involved in more than 70 customer calls.”
The company also held a customer event by phone attended by over 320 customers at which participants could ask any question they wanted. Company executives also met twice by phone with the Legal Services Information Sharing and Analysis Organization, an organization that shares threat and vulnerability information among law firms, during which the company provided detailed information on the incident.
“I could probably put 100 customers in front of you to say how we reacted,” Dobson said. “In fact, one of the largest banks in the United States, who has thousands of suppliers, who’s had tens if not twenties of ransom attacks in their supplier base, said that Eqiq handled it in the most world class and transparent way of any of their suppliers.”
The shut-down of its systems “absolutely impacted our financials,” Dobson said. For 2-3 weeks, many clients could not access their data or send new data. While Epiq was able to set up a temporary cloud-based system on Amazon Web Services for new cases, the 100 or so cases processed there were a small fraction of what the company would normally do over that period.
“At the end of the day, it was a phishing attack that made its way through, a very sophisticated phishing attack, and we addressed it very quickly and we protected all our clients’ data.”
Layoffs and Furloughs
On April 10, I reported here that Epiq had laid off some 200 employees, with more layoffs to come. On April 20, I wrote again about the layoffs, saying that the actual number of employees affected was 400-500. I also wrote that, on March 27 – the Friday before the Monday when the layoffs began – Dobson held a company-wide meeting at which he announced pay cuts across the board but said there would be no layoffs.
In our conversation, Dobson said I got this wrong. At the March 27 meeting, he told me, he made clear to employees that there would be layoffs and furloughs.
“Wherever you got the information that I stood up and said there would not be layoffs and there would not be furloughs, that was just factually incorrect. Of all the things you reported on, that’s what I was most upset with, because you put into question my credibility with my employees.”
He did, as I reported, also announce across-the-board pay cuts, including a 100% cut of his own salary for the second quarter of the year. “I did that because I wanted to let all of our people know that the day I furlough one employee, I had to be impacted. I don’t want to not feel the pain.”
Dobson said the company has made a commitment to its employees that when it comes through this, it will reimburse them for any lost pay if it is in a position to do so. “And I have a high degree of confidence that we will be,” he said.
As to the actual number of layoffs, Dobson said that the number I reported of 400-500 was erroneous because it conflated layoffs and furloughs. The actual number of layoffs was much lower than that, he said, but he declined to specify the number.
In addition to layoffs, he said, Epiq furloughed a number of employees. Although he again declined to state the number who were furloughed on the record, he said that the total of layoffs and furloughs combined exceeded the 400-500 I reported, with the majority being furloughs, not layoffs.
These layoffs and furloughs occurred almost entirely in Epiq’s Global Business Transformation Solutions business, a services business that places professionals on-site in law firms and legal departments. That business employs 2,600 people, and as law offices shut down due to the pandemic, there was nowhere for many of these employees to go or work for them to be done, Dobson said.
The pandemic impacted each of Epiq’s three businesses very differently, Dobson said, with Global Business Transformation Solutions the hardest hit. With 2,600 employees working almost entirely on-site at customer locations, and with some 40% of U.S. law firms shutting down their physical offices, Epiq had no choice but to furlough those people, Dobson said. But he added that the majority of employees in that business unit are still on site and have not been furloughed.
“We have furloughed a large number of people,” Dobson said. “Our desire is to get all these people back into our business as quickly as possible. We’re taking a number of actions to help them through this process.”
In one of my earlier posts about the layoffs, a former employee speculated that the layoffs were the result of the double-whammy of the ransomware attack and the pandemic. But Dobson said that, for the vast majority of the layoffs, the pandemic was the sole cause.
Because Epiq’s Legal Solutions business – the business that is half the company’s revenue – is largely a technology business, it has seen little impact from the pandemic, Dobson said. The company has converted virtually all of its staff to remote work, and it has added new services keyed to the current crisis to help customers go through their current contracts.
While the ransomware attack did impact the company’s financials, Dobson said, the company is now starting to see a bounce back with customers sending new work and it is growing rapidly out of the “depths of March.” And while some customers were angry that they could not get access to their data during the ransomware incident, the company has not formally lost any customers because of it, he said.
“I could count on one hand, of my thousands of customers, how many I think will choose not to do business with us going forward.”
Dobson said he is confident that Epiq’s business is getting back on track. By the end of the quarter, he expects the flow of new work coming into the company’s two largest businesses to be back where it was before the ransomware attack.
“We’ve seen strong growth in April over March and we think we’ll be back on our growth plan within a quarter, to where we were before we got into this.”
While the company already had a sophisticated security schema in place before the attack, it has now added even stronger measures, Dobson said. In addition, while all employees were previously trained in network and data security, the company has put them all through a rigorous retraining.
Acknowledging that employees are “the weakest link” in protecting against phishing, Dobson said that Epiq has gone to great lengths to train employees and put in additional world-class products to secure its systems.
Still, he concedes that the company’s future is dependent on how the current crisis plays out and how long it lasts. The company is working through various scenarios based on how long the crisis might last and how best to support its employees.
“We’ve got a whole set of actions that we’ll take to make sure that we, number one, support our employees, number two, support services to our clients, and number three, make sure that we are always in a position of strong financial health.”
With so much of Epiq’s business contingent on the courts, one factor beyond its control is how quickly they resume operations.
“We don’t’ know whether this virus will come back in the fall, but we’ve completely repositioned Epiq to deliver all of our services virtually now,” Dobson said. “Only if the courts slow down and there’s a supply-side issue with matters not moving through the courts will we see any type of dip in our business.”
“I can’t control the rate and pace of the courts, whether judges will move new matters through or not,” he said. “That’s the big unknown for our business.”