It’s an embarrassment for the privacy law firm if true. And we think it may be.
A hacker claims to have stolen files belonging to the Big Law firm Jones Day – an expert in data privacy and cyber security law – and posted many of them on the dark web.
Jones Day is the tenth largest in the country, with more than $2 billion in gross revenue and has close ties to the Trump administration. Several of its attorneys achieved high profile roles with the Trump administration.
Jones Day is the second major law firm in two weeks to have private data exposed as a result of a breach at Accellion, which provides file transfer and other services for a number of firms.
The second law firm that had apparently been breached was Goodwin Procter who said this month that certain client and employee data was also left unprotected.
Jones Day have disputed the claim, saying in a statement that it disputed that its network has been breached. The statement said that a file-sharing company that it has used was recently compromised and had information taken. Jones Day said it continues to investigate the breach and will continue to be in discussion with affected clients and appropriate authorities.
The posting by a person who self-identified as the hacker, which goes by the name Clop, includes a few individual documents that are easily reviewed by the public. One memo is to a judge and is marked “confidential mediation brief,” another is a cover letter for enclosed “confidential documents.”
The Wall Street Journal reported that it was able to see the existence of many more files—mammoth in size—also purported to belong to Jones Day, posted by the hacker on the so-called dark web. Hackers typically post such stolen information after the hacked entity fails to pay a ransom. The Journal was able to contact the hacker using an email on its blog.
Accellion said in a statement posted to its website Feb. 1 that its File Transfer Appliance, a two-decades-old file transfer product, “was the target of a sophisticated cyberattack.”
“Accellion is conducting a full assessment of the FTA data security incident with an industry-leading cybersecurity forensics firm,” spokesman Robert Dougherty told Bloomberg Law. “We will share more information once this assessment is complete. For their protection, we do not comment on specific customers.”