Hackers Claim To Have Jones Day Files

Ransomeware allegations strike again.

Just when Jones Day thought they could slink out of the limelight now that the Lincoln Project is in disarray and their efforts to undermine election confidence with deeply cynical challenges to absentee ballot security and elevate the advocates behind child kidnapping might fade into the rearview mirror, the firm has a whole new public relations threat to worry about.

Databreaches.net first reported that threat actors claim to have gotten their hands on Jones Day files in a ransomware attack. The good folks at Databreaches reached out to Jones Day but didn’t get a response about the attack or the data that’s already been publicly dumped on the dark web. But the hackers did:

Hi, they ignore us so they will be published.

Allegedly, the attack has exfiltrated 100 GB of files. So far they’ve only posted only relatively mundane material — cover letters and such — to prove that they aren’t lying. Perhaps that’s the extent of the breach and that’s why Jones Day is downplaying these allegations by ignoring them.

Still, it’s not a great look for a firm that prides itself on its cybersecurity practice. While vacuuming up every remaining Trump administration collaborator, they should have nabbed noted cybersecurity expert Rudy Giuliani!

Ransomeware is an increasing problem for the profession as confidential material is getting nipped and exposing clients to damages ranging from embarrassment to trade secret theft. Seyfarth was hit with a big attack last year and, to a certain extent, no firm is going to completely eliminate the risk as hacking constantly evolves. But it’s still a nightmare to be a firm caught with its pants down.

Thankfully, for Jones Day, this isn’t even the most embarrassing story about them in 2021.

Sponsored

UPDATE: Jones Day has a statement:

Jones Day has been informed that Accellion’s FTA file transfer platform, which is a platform that Jones Day—like many law firms, companies and organizations—used, was recently compromised and information taken.

Not everyone is buying this at face value. One anonymous tipster notes:

Simply isn’t accurate.

Accellion has two completely separate file transfer platforms; Accellion FTA and Kiteworks. Accellion FTA is a legacy product that Accellion guided clients to move away from in favor of Kiteworks, their newer flagship product starting in earnest back in 2017.

Many law firms weren’t using Accellion FTA. Many were using the Kiteworks platform by Accellion. A completely different codebase from FTA and not subject to the same vulnerabilities as FTA that resulted in both the Goodwin and Jones Day breaches. Accellion has previously stated that of its 3,000 total customers across multiple verticals – about 15% were using the legacy FTA software. Accellion only has 135 law firm customers. So even if you take 15% to apply to that small subset of customers, I don’t believe the characterization of “many” is accurate.

Meanwhile, Brett Callow, a professional cybersecurity threat analyst at Emsisoft points out:

Sponsored

Note that Clop didn’t necessarily carry out the attack on Accellion. They could simply have bought the data with the intention of using it to extort the company. At least one other group has done something similar in the past.

Whatever the case, there is obviously a significant risk that the data belonging to the other organizations affected by the Accellion breach will end up being published – and those other organizations include the Reserve Bank of New Zealand, Washington State, the Australian Securities and Investments Commission.


HeadshotJoe Patrice is a senior editor at Above the Law and co-host of Thinking Like A Lawyer. Feel free to email any tips, questions, or comments. Follow him on Twitter if you’re interested in law, politics, and a healthy dose of college sports news. Joe also serves as a Managing Director at RPN Executive Search.

CRM Banner