Security News > 2021 > July > Law Firm Campbell Conroy & O'Neil Discloses Ransomware Attack

Prominent law firm Campbell Conroy & O'Neil said it fell victim to a ransomware attack five months ago that resulted in systems holding sensitive information being compromised.

The firm offers services to numerous Fortune 500 and Global 500 companies, including automakers, aviation and aerospace, energy/utilities, industrial machinery, insurance, and transportation organizations, among others.

Last week, the law firm announced that it detected unusual activity on its network on February 27, and that an investigation into the matter revealed that certain systems were infected with ransomware.

While the firm focused on personally identifiable information in its disclosure, it left details unclear on what sensitive client business data may have been exposed in the attack.

"The most valuable data at a law firm is certainly not PII as disclosed by the law firm in question. Smart cybercriminals are chasing for sensitive dossiers of wealthy or politically exposed customers, looking for attorney-client privileged information or other sensitive litigation-related data. Modern cyber gangs are well aware of it in the Dark Web, there are dedicated channels to buy and sell data from compromised law firms," Ilia Kolochenko, Founder of ImmuniWeb, told SecurityWeek in an emailed comment.

"Currently, law firms enjoy a very modest data protection regulation regime compared to such industries as banks or healthcare institutions, while processing data of the same or even higher sensitivity. We should expect a steady growth of sophisticated attacks against law firms in the near future," Kolochenko added.

News URL

http://feedproxy.google.com/~r/securityweek/~3/HpQi6EFDN5w/law-firm-campbell-conroy-oneil-discloses-ransomware-attack