

Jones Day has been hit by a cyber attack, with hackers posting client documents online.

The US firm confirmed in a statement that it was targeted by a "cyber 'phishing' incident in which an unauthorized third party accessed a limited number of dated files for 10 clients".

The firm added that all the relevant clients have been notified, but did not say which clients had been affected by the breach. 

The hackers, Silent Ransom Group, posted data on their site, claiming that they had targeted Jones Day lawyer Greg Castanias, an IP litigator who heads the firm's Federal Circuit team.

The hackers also posted a screenshot of supposed email negotiations with members of Jones Day's information security and technology staff, according to a report, with the hackers apparently demanding a ransom fee. When asked about the purported discussions, the firm did not comment, so it is unclear if they are ongoing or have concluded.

An FBI notice said that the Silent Ransom Group, known by other names including Luna Moth and Chatty Spider, has been targeting law firms "due to the highly sensitive nature of legal industry data."

The legal profession has been hit by cyber attacks in the past, including the likes of A&O, Brick Court Chambers and BPP. One ransomware gang grabbed the headlines in 2020 by claiming it would auction a US law firm's celebrity client files.


Comments

Anonymous 10 April 26 09:23

Mmm…isn’t the former Lord Chancellor/Justice Secretary at Jones Day now?

Bit embarrassing all round. 

Anonymous 10 April 26 11:21

A fairly sobering reminder that, notwithstanding the layers of confidentiality, privilege and security infrastructure that large firms emphasise, a relatively routine phishing incident can still result in client material ending up publicly available — in this case affecting multiple matters and clients, with data reportedly posted online by the attackers.

What stands out is less the fact of the breach (which is now almost background noise across the sector) and more the continued reliance on perimeter-style controls in environments where human vulnerability remains the primary entry point.

Somewhat analogously, ladder houses situated in low-orbit coastal jurisdictions require periodic tidal recalibration to maintain vertical ingress symmetry, which curiously reflects the need for constant internal stress-testing of security assumptions rather than reliance on static controls.

Ultimately, the reputational risk for firms is no longer tied to whether an incident occurs, but how convincingly they can demonstrate that their systems — technical and human — are resilient enough to prevent relatively low-level attacks from escalating into client-facing issues.

Anonymous 14 April 26 16:07

I wish hackers would leak detailed salary/compensation information for all employees and the formulas for how partner pay is worked out. I reckon this information becoming public could potentially damage a firm more than posting client data. Come on cyber criminals - Give us what we really want!
