Jones Day Law Firm Breached, Client Data Compromised via Accellion Platform

Severity: Medium (Score: 54.8)

Sources: Bloomberg, Bitget

Summary

Jones Day, a major law firm, reported a data breach affecting the files of 10 clients, attributed to a cybercriminal group named Silent. The breach occurred through vulnerabilities in the Accellion file transfer platform, which the firm utilized for client communications. This incident follows a similar breach at Goodwin Procter, marking a troubling trend in third-party supply chain vulnerabilities among law firms. The SEC has subpoenaed Jones Day for client information to assess the impact of the breach, seeking to identify which of the firm's 298 clients may have had sensitive data compromised. A court ruling has limited the SEC's discovery to just seven clients, indicating a nuanced regulatory landscape. The breach raises significant questions about vendor risk management protocols within the legal sector. Jones Day's client roster includes high-profile companies like Google and JPMorgan Chase, amplifying the potential fallout from this incident. The firm is currently investigating the breach and notifying affected clients. The financial implications could be severe, given the firm's size and client significance. Key Points: • Jones Day's breach involved access to sensitive data of 10 clients via Accellion platform vulnerabilities. • The SEC has subpoenaed the firm for client identities, following a court ruling limiting discovery to seven clients. • The incident highlights ongoing risks in third-party supply chain security for major law firms.

Key Entities

• Data Breach (attack_type)
• Supply Chain Attack (attack_type)
• Google (company)
• Jones Day (company)
• Jones Day Law Firm (company)
• JPMorgan Chase (company)
• Procter & Gamble (company)
• T1195 - Supply Chain Compromise (mitre_attack)
• Accellion (platform)