DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Threat actors claim to have stolen Jones Day files; law firm remains quiet

Posted on February 13, 2021 by Dissent

Over on AdvIntel, Tyler Combs has a post about threat actors attacking law firms. Many of us are already aware of a number of law firms who have been attacked and who have had their firm’s files dumped publicly when they refused to pay ransom demands, but if the biggest law firms fall prey, what does that predict for smaller firms?

Combs writes, in part:

Recent cases of cyberattacks against law firms illustrate the scale and ripple effects. For instance, in September 2020, one actor gained access to files containing I-9 employment authorization forms and was able to access the names, phone numbers, email addresses, dates of birth, Social Security numbers, and passport numbers of an undisclosed number of current and former employees of a law firm’s client; all information that could be used for identity theft. As part of its recovery from the attack, the law firm offered free credit monitoring services to all the affected customer’s employees – a costly and complicated process.

This case is not unique – the American Bar Association reveals that 29% of the respondents to a survey on law firm cybersecurity experienced breach-related threats in 2020, but only 34% of firms maintain cybersecurity incident response plans. It is therefore crucial for both firms and clients to have an accurate picture of the cyber threats facing the legal sector.

Combs provides more detailed examples of the type of threats law firms face, including have login credentials to their sites sold on the dark web to other threat actors who will exploit the access. “For example, since November 2020, AdvIntel has identified the RDP credentials of 17 law firms offered for sale in top-tier DarkWeb marketplaces,” Combs write.

RDP (Remote Desktop Protoxol) is one of the two most common ways threat actors gain access to their intended victim.

Read Combs’ entire article on AdvIntel, and if that doesn’t make your law firm take these threats more seriously, consider this:

Jones Day, one of the largest international law firms in this country, has  apparently become a victim of a  ransomware attack, and some of their files — including confidential and sensitive files — have already been dumped publicly.

Jones Day was listed as having revenue of more than $2 billion in 2018. One of its practice areas is cybersecurity, and they have published a number of articles on their web site about ransomware attacks and how they have helped or advised clients how to respond to security incidents. They even publish a monthly privacy and cybersecurity newsletter.

What they do not seem to have published — at least not that this site has found — is any statement acknowledging that at least some of their files have been dumped by ransomware threat actors on the dark web.

As proof of access, the threat actors known as CLOP initially posted some screenshots of files they appear to have exfiltrated. Two examples are provided below, redacted by DataBreaches.net.  Both involve current and confidential communications.

Correspondence posted by threat actors. Redacted by DataBreaches.net. 

 

Correspondence posted by threat actors. Redacted by DataBreaches.net .

When Jones Day did not respond to the increased pressure and threats, the threat actors appear to have dumped even more data.

DataBreaches.net sent an inquiry to Jones Day yesterday, but received no response. A second request was sent this morning, but also received no response. Nor is there any statement on their web site about any interrupted services or alerts.  Although the law firm has neither confirmed nor denied the claimed attack, the files that this site inspected appeared to be from verifiable cases.

This post will be updated if a response or statement is received.

Update: Jones Day still hasn’t responded to inquiries, but the threat actors did, simply stating,

Hi, they ignore us so they will be published.

They subsequently added that they exfiltrated 100 GB of files (“70% zip and 7z files”).

DataBreaches.net will continue to try to get more information on this breach. In the past, Jones Day has recommended that breached firms notify clients promptly. One can only wonder if they are implementing their own advice right now.

Clarification:  The threat actors subsequently told Vice that they did not encrypt the files — they merely stole (copies of) the data.

Category: Breach IncidentsBusiness SectorCommentaries and AnalysesMalwareOf NoteU.S.

Post navigation

← mHealth Apps Expose Millions to Cyberattacks
One of the World’s Most Prolific Cybercriminals Has Retired – And May Well Be a Bitcoin Billionaire →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.