Grubman Shire Meiselas & Sacks, a New York law firm that serves celebrity clients in the entertainment industry, recently confirmed that hackers breached the organization. The cybercriminals allegedly stole contracts and personal emails belonging to clients including Lady Gaga, Madonna, Bruce Springsteen, Rod Stewart, and Elton John.
According to the BBC, the cybercriminals are threatening to publish sensitive data unless the law firm pays up. The demanded ransom amount has not been released. They allegedly stole 756 gigabytes of data. A screenshot of Madonna's contract may have already been released.
The law firm said it has notified its clients and is working with cybersecurity experts, although it is unclear if they are considering paying the ransom. The firm's website was down following the attack.
According to the founder & CEO of web security company ImmuniWeb, law firms are an attractive target for hackers because they can breach mid-sized law firms and get highly confidential data more easily than attacking its clients, such as banks or celebrities, directly. In addition, many law firms access confidential data with mobile phones and laptops as well as office computers and upload these documents to the cloud or file sharing websites.
He said that few law firms have prioritized strong cybersecurity, provide sufficient employee training, or have incident detection and response capacities. Plus, many might try to keep the incident quiet to avoid reputational damage. Tom Jowitt "Celebrity Law Firm Hacked, Attackers Threaten To Leak Stolen Data" silicon.co.uk (May 12, 2020).