DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Threat actors claim to have stolen Jones Day files; law firm remains quiet

Posted on February 13, 2021 by Dissent

Over on AdvIntel, Tyler Combs has a post about threat actors attacking law firms. Many of us are already aware of a number of law firms who have been attacked and who have had their firm’s files dumped publicly when they refused to pay ransom demands, but if the biggest law firms fall prey, what does that predict for smaller firms?

Combs writes, in part:

Recent cases of cyberattacks against law firms illustrate the scale and ripple effects. For instance, in September 2020, one actor gained access to files containing I-9 employment authorization forms and was able to access the names, phone numbers, email addresses, dates of birth, Social Security numbers, and passport numbers of an undisclosed number of current and former employees of a law firm’s client; all information that could be used for identity theft. As part of its recovery from the attack, the law firm offered free credit monitoring services to all the affected customer’s employees – a costly and complicated process.

This case is not unique – the American Bar Association reveals that 29% of the respondents to a survey on law firm cybersecurity experienced breach-related threats in 2020, but only 34% of firms maintain cybersecurity incident response plans. It is therefore crucial for both firms and clients to have an accurate picture of the cyber threats facing the legal sector.

Combs provides more detailed examples of the type of threats law firms face, including have login credentials to their sites sold on the dark web to other threat actors who will exploit the access. “For example, since November 2020, AdvIntel has identified the RDP credentials of 17 law firms offered for sale in top-tier DarkWeb marketplaces,” Combs write.

RDP (Remote Desktop Protoxol) is one of the two most common ways threat actors gain access to their intended victim.

Read Combs’ entire article on AdvIntel, and if that doesn’t make your law firm take these threats more seriously, consider this:

Jones Day, one of the largest international law firms in this country, has  apparently become a victim of a  ransomware attack, and some of their files — including confidential and sensitive files — have already been dumped publicly.

Jones Day was listed as having revenue of more than $2 billion in 2018. One of its practice areas is cybersecurity, and they have published a number of articles on their web site about ransomware attacks and how they have helped or advised clients how to respond to security incidents. They even publish a monthly privacy and cybersecurity newsletter.

What they do not seem to have published — at least not that this site has found — is any statement acknowledging that at least some of their files have been dumped by ransomware threat actors on the dark web.

As proof of access, the threat actors known as CLOP initially posted some screenshots of files they appear to have exfiltrated. Two examples are provided below, redacted by DataBreaches.net.  Both involve current and confidential communications.

Correspondence posted by threat actors. Redacted by DataBreaches.net. 

 

Correspondence posted by threat actors. Redacted by DataBreaches.net .

When Jones Day did not respond to the increased pressure and threats, the threat actors appear to have dumped even more data.

DataBreaches.net sent an inquiry to Jones Day yesterday, but received no response. A second request was sent this morning, but also received no response. Nor is there any statement on their web site about any interrupted services or alerts.  Although the law firm has neither confirmed nor denied the claimed attack, the files that this site inspected appeared to be from verifiable cases.

This post will be updated if a response or statement is received.

Update: Jones Day still hasn’t responded to inquiries, but the threat actors did, simply stating,

Hi, they ignore us so they will be published.

They subsequently added that they exfiltrated 100 GB of files (“70% zip and 7z files”).

DataBreaches.net will continue to try to get more information on this breach. In the past, Jones Day has recommended that breached firms notify clients promptly. One can only wonder if they are implementing their own advice right now.

Clarification:  The threat actors subsequently told Vice that they did not encrypt the files — they merely stole (copies of) the data.

Related posts:

  • Forbes Breach Email Statistics
  • TeamGhostShell posts “master list” of 548 leaks (so far)
  • Jones Day disputes claimed breach; points to hacked vendor; hacker points back to them (UPDATE2)
  • A further 512 websites hacked and defaced by HaX.R00T
Category: Breach IncidentsBusiness SectorCommentaries and AnalysesMalwareOf NoteU.S.

Post navigation

← mHealth Apps Expose Millions to Cyberattacks
One of the World’s Most Prolific Cybercriminals Has Retired – And May Well Be a Bitcoin Billionaire →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.