Jones Day law firm has revealed that hackers stole confidential client data after breaching a third-party vendor’s file-sharing platform. AmLaw ranks the firm as the tenth largest provider of legal services in the United States, with annual gross revenues of more than $ 2 billion.
Jones Day customers include half of Fortune 500 companies, such as Google, JPMorgan Chase, Wal-Mart, Procter and Gamble, and McDonalds. He also represented Donald Trump’s campaign.
The Cleveland, Ohio-based law firm is the second largest legal services provider affected by the third-party data breach. The ransomware group responsible for the breach said it exfiltrated the data directly from the law firm’s server, but Jones Day denies the claims.
Accellion data breach exposes confidential data of Jones Day and Goodwin Procter customers
Jones Day claims that the data leak stems from a data breach by a third party, specifically Accellion, which provides file transfer services to several companies in the legal industry. On February 2, 2021, Goodwin Procter also disclosed a data breach associated with the Accellion file transfer platform.
Jones Day has been informed that Accellion’s FTA file transfer platform, which is a platform used by Jones Day, like many law firms, businesses and organizations, has recently been compromised and information were taken, “Jones Day spokesman David Petrou told Bloomberg Law. “Jones Day continues to investigate the violation and has been, and will continue to be, in discussion with affected customers and appropriate authorities.”
The Accellion breach was also associated with the exposure of personal data belonging to more than one million New Yorkers claiming unemployment benefits.
Likewise, the University of Colorado has said it was affected by the third-party data breach, while a California tech company faces legal action related to the Accellion data breach.
Other victims include Singaporean telecommunications giant Singtel, the Washington State Auditor’s Office, the Australian Securities and Investments Commission and the Reserve Bank of New Zealand.
Accellion recognizes a sophisticated cyberattack
On February 1, Accellion released a statement acknowledging a “sophisticated cyber attack” on its two-decade-old file transfer app.
The company said it had enlisted the services of a “leading cybersecurity forensics firm” to conduct a comprehensive assessment of the FTA data security incident. Jones Day has vowed to release full details of the third-party data breach after its investigation is concluded.
Ransomware group Clop released confidential data of Jones Day customers to the dark web
Clop ransomware, the threat actor claiming responsibility for the alleged third party data breach Jones Day has released the law firm’s data to the dark web as evidence.
Although the law firm was associated with Donald Trump, experts believe the ransomware attack was unrelated to politics. Ransomware operators also told databreaches.net that they did not encrypt Jones Day files in the process.
The threatening actor has published several archives containing gigabytes of customer data. The first version contains emails, while the second archive contains confidential files allegedly stolen from company servers. According to the WSJ, ransomware operators claim to have over 100 gigabytes of Jones Day data.
Clop ransomware denies exposure to Jones Day due to third-party data breach
An alleged actor in the Clop ransomware threat told the Wall Street Journal that Jones Day was made aware of the data breach on February 3, but did not respond to ransom demands.
Clop also claimed to have stolen the data directly from Jones Day’s servers, but the law firm insisted the data leak was from a third-party data breach.
The Wall Street Journal reported that the leaked Jones Day data contained “Accellion configuration files and logs with references to Jones Day email and web addresses.”
âLike the Solarwinds supply chain attack, cybercriminals are focusing their attacks on third parties and service providers who support many customers,â says James McQuiggan, advocate for advocacy. security at KnowBe4. âThese organizations will want to review and elevate their security programs to ensure that they don’t experience any loopholes, which would result in a similar compromise. These attacks harm the organization’s customers and customers, and harm that organization’s reputation and possible outcomes. “
McQuiggan added that third-party vendors should encrypt files before transferring them to protect their customers.
âIt is highly likely that a third party or vendor is behind the alleged data breach,â says Ilia Koloshenko, CEO of ImmuniWeb. âCybercriminals typically start their ‘purchases’ by probing unprotected third parties who have access to the victim’s valuable data. The currently leaked details of the stolen data indicate that the incident has limited impact and that only a limited number of customers and cases are affected. In addition, even if some documents are marked as confidential or privileged, it does not necessarily mean that they always have or have had this protectable status.
In response to the alleged third-party data breach blamed on the Accellion hack, Tim Mackey, Senior Security Consultant, Synopsys Software Integrity Group, said:
âModern businesses rely on an ecosystem of technology providers that form a digital supply chain. Compromising a business then comes down to identifying the weakest link and accessing the data it has on the business and its customers. While it is traumatic for any business leader to find themselves in the press for a data breach, the incident represents an opportunity. “
The cybercriminal gang could lie to avoid exposing their data source, while the law firm also tries to blame it to save face over such an embarrassing exposure. However, Jones Day’s claims appear credible given the presence of Accellion’s journals in the data exposed.