DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Missouri law firm sued by insurer for not disclosing 2016 hack by thedarkoverlord

Posted on March 31, 2020 by Dissent

For the past few years, this site has covered litigation against Athens Orthopedic Clinic in Georgia related to their hack by thedarkoverlord in 2016. The lawsuit against the clinic, filed by a patient, made it all the way to the Georgia Supreme Court on the issue of whether under Georgia state law, the plaintiff had shown enough harm to survive a motion to dismiss. The state’s highest court agreed with the plaintiff on appeal, and the case has been remanded.

And while that case may be costly for the clinic, that hack may also be costly for an alleged member of thedarkoverlord (TDO) who was extradited to the U.S. to stand trial for his alleged role in hacks in Missouri and Atlanta — including, it appears, the Athens Orthopedic Clinic hack (although the court filings do not name the victim entities).

According to the federal complaint against him, Nathan Wyatt, aka “Crafty Cockney” and “Mas Mas,” allegedly set up accounts that were used as part of TDO’s hacking and extortion operations, and he allegedly called a victim and threatened him in rap as to what would happen if the victim didn’t pay up.

But the Athens Orthopedic Clinic hack may not be the only TDO hack Wyatt was allegedly involved in that has resulted in litigation.  Regular readers may recall that in 2018, TDO started leaking what they claimed were hacked files related to 9/11.  Those files came from a law firm used by insurer Hiscox. Hiscox informed this site that they had learned of the breach in April 2018, but Hiscox’s statement to this site did not reveal that the unnamed law firm was hacked in December 2016.

This week, Hiscox filed suit against the Missouri-based law firm, Worden Grier, LLP.  The suit was first reported by Law360.com.

In the complaint, the insurer alleges that:

11. On or around December 2016, an international hacker organization known as “The Dark Overlord” (“Hackers”) gained unauthorized access to Warden Grier’s computer system containing all of the sensitive information, including PI, stored on Warden Grier’s servers (the “2016 Data Breach”).

12. On information and belief, Hiscox understands that Warden Grier contacted outside attorneys and the FBI to investigate the matter, but did not hire a forensic IT firm to investigate the 2016 Data Breach or, if it did, has refused to provide Hiscox with the findings of any such investigation.

13. Despite being aware of the 2016 Data Breach, Warden Grier actively concealed or otherwise did not notify Hiscox or Hiscox’s insureds—all of whom were Warden Grier’s clients—of the 2016 Data Breach.

Hiscox claims that they became aware of the breach on March 28, 2018, when some of the data appeared on the dark web. When they investigated by contacting Warden Grier, they learned that Warden Grier had not only failed to inform them, but they had not informed any of Hiscox’s clients.  According to the complaint, Warden Grier paid TDO ransom or other demand to protect its and its clients’ personal information from dissemination.  [DataBreaches.net notes that this would not be the first time that TDO was paid ransom and then disclosed data anyway. TDO occasionally claimed that a victim had violated some provision of their agreement, thereby justifying their actions in either dumping data or demanding further payment.]

In any event, the Hiscox lawsuit is interesting because in December 2016, law enforcement in the U.K. charged Nathan Wyatt with a number of crimes, including hacking an unnamed law firm and trying to extort it.  Wyatt pleaded guilty to all charges and was jailed.

So was that law firm Warden Grier?  If so, then Wyatt may have already served time for that hack in a U.K. jail. Or was this yet another law firm?  DataBreaches.net has been unable to reach Warden Grier yet, but has sent an inquiry to Hiscox’s law firm in the suit and will update this post if more information becomes available.

 

Related posts:

  • What OPSEC? Member of “thedarkoverlord” allegedly used his personal details to set up hacking and extortion-related accounts.
  • Hiscox Hack Suit Advances as Warden Grier Loses Dismissal Bid
  • Quest Records LLC breach linked to TheDarkOverlord hacks; more entities investigate if they’ve been hacked
  • Member of thedarkoverlord sentenced to 60 months and $1.4 million in restitution
Category: Breach IncidentsHack

Post navigation

← Kwampirs Malware Employed in Ongoing Cyber Supply Chain Campaign Targeting Global Industries, including Healthcare Sector
REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.