Prominent law firm Campbell Conroy & O’Neil said it fell victim to a ransomware attack five months ago that resulted in systems holding sensitive information being compromised.
The firm offers services to numerous Fortune 500 and Global 500 companies, including automakers (Ford, Honda, General Motors, Mercedes Benz, and others), aviation and aerospace (British Airways, Boeing, US Airways, and more), energy/utilities, industrial machinery, insurance, and transportation organizations, among others.
Last week, the law firm announced that it detected unusual activity on its network on February 27, and that an investigation into the matter revealed that certain systems were infected with ransomware.
The systems, the company says, held “certain information relating to individuals,” which might have been viewed or accessed by the unauthorized party behind the attack.
The compromised information, the company says, includes names, birth dates, Social Security numbers, driver’s license and passport numbers, state identification numbers, and data related to financial accounts and payment cards.
Furthermore, medical and health insurance information was also compromised, along with biometric data, and even credentials for online accounts in some cases.
“Please note that the information varies by individual and for many individuals, a limited number of data types were determined to be accessible,” Campbell says.
While the firm focused on personally identifiable information (PII) in its disclosure, it left details unclear on what sensitive client business data may have been exposed in the attack.
“The most valuable data at a law firm is certainly not PII as disclosed by the law firm in question. Smart cybercriminals are chasing for sensitive dossiers of wealthy or politically exposed customers, looking for attorney-client privileged information or other sensitive litigation-related data. Modern cyber gangs are well aware of it, moreover, in the Dark Web, there are dedicated channels to buy and sell data from compromised law firms,” Ilia Kolochenko, Founder of ImmuniWeb, told SecurityWeek in an emailed comment.
“Currently, law firms enjoy a very modest data protection regulation regime compared to such industries as banks or healthcare institutions, while processing data of the same or even higher sensitivity. We should expect a steady growth of sophisticated attacks against law firms in the near future,” Kolochenko added.
Related: Continuous Updates: Everything You Need to Know About the Kaseya Attack
Related: CISA Adds Ransomware Module to Cyber Security Evaluation Tool
Related: CISA Warns of Threat Posed by Ransomware to Industrial Systems
More from Ionut Arghire
- Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Malicious NuGet Packages Used to Target .NET Developers
- Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
Latest News
- Burnout in Cybersecurity – Can it be Prevented?
- Spain Needs More Transparency Over Pegasus: EU Lawmakers
- Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA
- Virtual Event Today: Supply Chain & Third-Party Risk Summit
- Google Suspends Chinese Shopping App Amid Security Concerns
- Verosint Launches Account Fraud Detection and Prevention Platform
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
