Hacked Law Firm Informs Clients Like Lady Gaga and Bruce Springsteen of Data Breach
Major media and entertainment law firm Grubman Shire
Meiselas & Sacks said that after its internal data systems were hacked —
and a vast trove of information on its clients was stolen — it has informed its
roster of A-list clients of the breach.
“We can confirm that we’ve been victimized by a
cyberattack,” the New York-based firm said in a statement to Variety. “We have
notified our clients and our staff. We have hired the world’s experts who
specialize in this area, and we are working around the clock to address these
matters.”
News of the hack surfaced last week, after a hacker group
claimed it infiltrated the Grubman Shire Meiselas & Sacks network and stole
a whopping 756 gigabytes of documents on multiple music and entertainment
figures. Those include clients past and present, among them: Lady Gaga,
Madonna, Nicki Minaj, Bruce Springsteen, Mary J. Blige, Ella Mai, Christina
Aguilera, Mariah Carey, Cam Newton, Bette Midler, Jessica Simpson, Priyanka
Chopra, Idina Menzel and Run DMC, the hackers claimed.
The data stolen by the hackers allegedly includes contracts,
nondisclosure agreements, phone numbers and email addresses, and private
correspondence, the group’s claims posted on a dark web forum, according to
cybersecurity firm Emsisoft. The group behind the attack didn’t release all the
data they had supposedly purloined. To show the hack was real, they released an
excerpt from a contract for Madonna’s 2019-20 “Madame X” tour with Live Nation.
It’s evidently a ransomware attack, in which cybercriminals
use the threat of releasing the stolen data as leverage to extort payment. It
is not known what demands the hackers have made in connection with the theft of
Grubman Shire Meiselas & Sacks data.
The attack on the law firm — whose clients spans music
artists, actors and TV personalities, sports stars, and media and entertainment
companies — was carried out by a group called “REvil,” also known as
“Sodinokibi,” according to Emsisoft. The group has previously targeted
companies and organizations including Travelex, the U.K.-based
currency-exchange company, which paid $2.3 million in bitcoin to hackers after
a ransomware attack, the Wall Street Journal reported.
Comments
Post a Comment