Leading law firm Campbell Conroy & O’Neil, P.C. has revealed that there has been a data breach on the firm’s network after it was hit by a ransomware attack in February this year. The firm’s high-profile client base includes Apple, British Airways, Exxon, Mercedes Benz, Universal Health Services, Johnson & Johnson, and many other large companies. The identities of the individuals or entities whose data has been breached have not been revealed as of now.
The firm announced that it noticed some abnormal activity on its network and subsequently investigated the matter with the help of forensic investigators to find out the extent of the breach. Campbell also informed the Federal Bureau of Investigation (FBI) about this breach. The firm issued a press release and provided notice regarding the breach as it has discovered that information about some individuals was obtained by the actors behind the ransomware attack. The firm has not yet revealed any details regarding the group of attackers behind this data breach.
The firm has not confirmed if the information has been viewed by the hackers or not but it has revealed that the information in the firm’s system included private details of some individuals. This includes some individuals’ names, drivers’ license numbers, dates of birth, payment card information, financial account information, biometric data, Social Security numbers, and online account information.
Usually, in ransomware attacks, this information is used by hackers to force victims to pay ransom to prevent a data leak. The United States government has recently launched an online portal, called StopRansomware, to help private and public entities protect themselves against ransomware attacks.
The firm also advised individuals on the steps they can take to protect their data including going through the guidelines regarding the protection of personal information given on the firm’s website. The guidelines provide information related to fraud alerts along with the contact details of consumer reporting agencies throughout the United States.
Emphasizing the firm’s commitment and responsibility towards the data assigned to the firm, the statement read, “As part of our ongoing commitment to the privacy of personal information in our care, we are reviewing our existing policies and procedures, and are working to implement additional safeguards to further secure our information systems. As an added precaution, we are also offering 24 months of complimentary access to credit monitoring, fraud consultation, and identity theft restoration services to individuals whose Social Security numbers or the equivalent were accessible as a result of this event.”
Jeremy Hendy, CEO of Skurio, a Digital Risk Protection platform, while speaking on this incident said, “Being first to know that their data is out there gives them time to investigate the incident and know if the ransomware group has exposed the data. Behind the scenes, we strongly encourage any businesses suffering a breach to automatically react on the assumption sensitive data could be involved. Even if the data is not immediately shared or sold, it may surface long after the original breach occurred, resulting in difficult questions for the business to answer.”