Cyberattack Gives Biglaw Firm A New Return-To-Office Excuse

A major law firm has weaponized a cyberattack to enforce return-to-office mandates, ordering employees to either work from firm premises or remove equipment from their homes while the firm secures compromised systems.

The directive reflects a stark shift in how large law firms are responding to security breaches. Rather than simply isolating affected systems or rotating credentials remotely, this firm has used the incident as leverage to collapse hybrid work arrangements. Employees now face a binary choice: commute to physical offices or forfeit remote access to firm networks and devices entirely.

The approach raises questions about proportionality and good faith in employment relationships. Cybersecurity remediation typically does not require wholesale return-to-office policies. Standard responses include multi-factor authentication upgrades, endpoint detection and response tools, network segmentation, and forensic investigation. None of these measures demands employees work from firm locations.

The timing invites scrutiny. Return-to-office mandates have proven contentious across BigLaw for years, with associates and counsel resisting commute requirements that erode work-life balance. Firms citing productivity and mentorship have struggled to justify mandates against employee preferences and pandemic-era operational success. A security incident provides cover for what may be a pretext.

Labor law considerations emerge here. If the firm can demonstrate the return-to-office requirement is genuinely necessary for data protection, the mandate likely survives challenge under existing employment frameworks. However, if the cyberattack serves primarily as justification for a predetermined restructuring, employee claims regarding retaliation or bait-and-switch tactics could develop traction, particularly in jurisdictions with robust employee protections.

For other firms, the precedent matters. Using infrastructure incidents as justification for permanent workplace policy shifts sets a template that competitors may follow. It also signals to employees that crisis moments represent opportunities for management to unwind flexible work arrangements.