Jones Day Cyber Attack Exposes Client Data Linked to Silent Ransom Group

Severity: High (Score: 66.0)

Sources: Bloomberg, Bitget, Legalcheek, Nonbillable

Summary

Jones Day, a major law firm, confirmed a cyber attack that compromised files related to 10 client matters. The breach is attributed to the Silent Ransom Group, which has been targeting law firms using phishing tactics. Hackers accessed dated files and have claimed responsibility, publishing a file directory and screenshots of negotiations with the firm. All affected clients have been notified, but specific details about the files or clients remain undisclosed. This incident follows a recent trend of cyber attacks on law firms, highlighting vulnerabilities in their cybersecurity measures. The firm previously faced a similar incident in 2021 involving a different ransomware group. The SEC is now scrutinizing the firm due to potential breaches of client confidentiality and cybersecurity disclosure requirements. The incident raises questions about the effectiveness of vendor risk management protocols in law firms. Key Points: • Jones Day suffered a cyber attack linked to the Silent Ransom Group, exposing files for 10 clients. • The attack involved phishing tactics, and the group has publicly claimed responsibility. • The SEC is investigating potential breaches of client confidentiality due to the incident.

Key Entities

• Data Breach (attack_type)
• Phishing (attack_type)
• Ransomware (attack_type)
• Supply Chain Attack (attack_type)
• Allen & Overy (company)
• Google (company)
• Jones Day (company)
• Jones Day Law Firm (company)
• JPMorgan Chase (company)
• T1195 - Supply Chain Compromise (mitre_attack)
• T1566 - Phishing (mitre_attack)
• Accellion (platform)
• Lockbit (ransomware_group)
• Silent Ransom Group (ransomware_group)