Jones Day recently revealed that a phishing attack by the cybercriminal group Silent compromised files belonging to ten of its clients. While the firm noted that the accessed documents were dated and limited in scope, the hackers have already claimed responsibility for the breach on an extortion website.

The law firm confirmed that an unauthorized third party managed to gain access to a specific set of older client files through the phishing scheme. According to spokesperson Dave Petrou, the firm has already taken steps to notify every individual and entity impacted by the security failure. Although the breach involves several parties, the specific identities of the ten affected clients remain confidential and have not been released to the public or the press.

The group claiming credit for the incident, known as Silent, is a well-known and prolific cybercriminal organization that often uses extortion websites to pressure its victims. By listing Jones Day as a target, the group aims to highlight its successful infiltration of a high-profile legal institution. This public admission of the attack is a common tactic used by such groups to gain leverage or notoriety within the criminal community.

This is not the first time the firm has dealt with such a security crisis, as it previously experienced another significant data breach in 2021. During that earlier incident, hackers also managed to steal internal data, though the firm remained relatively quiet about the specific details of that event. The lack of transparency regarding the scope and nature of the 2021 breach has led to continued scrutiny of the firm’s digital infrastructure and data protection protocols.

The security of Jones Day is of particular interest to the business community because of its high-profile roster of international clients. The firm has a long history of representing major American corporations, including industry giants such as Goldman Sachs, McDonald’s, and General Motors. Given the sensitive nature of the legal work performed for these entities, any breach of confidentiality raises concerns about the vulnerability of corporate data handled by outside counsel.

Despite the firm's efforts to characterize the stolen files as dated, the recurrence of such incidents points to an ongoing battle against sophisticated phishing techniques. Legal organizations remain prime targets for groups like Silent because they serve as central repositories for valuable corporate information. As the firm continues its investigation, the legal industry at large is reminded of the persistent threat posed by cybercriminals targeting the trust-based relationship between lawyers and their clients.

Source: https://www.investing.com/news/company-news/jones-day-shares-client-data-breach-affecting-10-firms--bloomberg-93CH-4599032