Virtual Event Today: Supply Chain Security Summit - Register Now

Security Experts:

Connect with us

Hi, what are you looking for?


Incident Response

Law Firm Campbell Conroy & O’Neil Discloses Ransomware Attack

Prominent law firm Campbell Conroy & O’Neil said it fell victim to a ransomware attack five months ago that resulted in systems holding sensitive information being compromised.

Prominent law firm Campbell Conroy & O’Neil said it fell victim to a ransomware attack five months ago that resulted in systems holding sensitive information being compromised.

The firm offers services to numerous Fortune 500 and Global 500 companies, including automakers (Ford, Honda, General Motors, Mercedes Benz, and others), aviation and aerospace (British Airways, Boeing, US Airways, and more), energy/utilities, industrial machinery, insurance, and transportation organizations, among others.

Last week, the law firm announced that it detected unusual activity on its network on February 27, and that an investigation into the matter revealed that certain systems were infected with ransomware.

The systems, the company says, held “certain information relating to individuals,” which might have been viewed or accessed by the unauthorized party behind the attack.

The compromised information, the company says, includes names, birth dates, Social Security numbers, driver’s license and passport numbers, state identification numbers, and data related to financial accounts and payment cards.

Furthermore, medical and health insurance information was also compromised, along with biometric data, and even credentials for online accounts in some cases.

“Please note that the information varies by individual and for many individuals, a limited number of data types were determined to be accessible,” Campbell says.

While the firm focused on personally identifiable information (PII) in its disclosure, it left details unclear on what sensitive client business data may have been exposed in the attack.

“The most valuable data at a law firm is certainly not PII as disclosed by the law firm in question. Smart cybercriminals are chasing for sensitive dossiers of wealthy or politically exposed customers, looking for attorney-client privileged information or other sensitive litigation-related data. Modern cyber gangs are well aware of it, moreover, in the Dark Web, there are dedicated channels to buy and sell data from compromised law firms,” Ilia Kolochenko, Founder of ImmuniWeb, told SecurityWeek in an emailed comment.

“Currently, law firms enjoy a very modest data protection regulation regime compared to such industries as banks or healthcare institutions, while processing data of the same or even higher sensitivity. We should expect a steady growth of sophisticated attacks against law firms in the near future,” Kolochenko added.

Related: Continuous Updates: Everything You Need to Know About the Kaseya Attack

Related: CISA Adds Ransomware Module to Cyber Security Evaluation Tool

Related: CISA Warns of Threat Posed by Ransomware to Industrial Systems

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.