Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Law Firm to Celebrities Suffers Major Data Breach

May 12, 2020

Variety (a source I've never used before) reported on May 9 that Grubman Shire Meiselas & Sacks, a large media and entertainment law firm, appears to have been the victim of a cyberattack that resulted in the theft of an enormous amount of private information on dozens of celebrities, according to a data security researcher.

The data allegedly stolen from the New York-based firm by hackers — a total of 756 gigabytes — includes contracts, nondisclosure agreements, phone numbers and email addresses, and "personal correspondence," according to an image of the hackers' post provided to Variety by Emsisoft, a cybersecurity software and consulting company specializing in ransomware.

The documents allegedly include information about many music and entertainment figures, including: Lady Gaga, Madonna, Nicki Minaj, Bruce Springsteen, Mary J. Blige, Ella Mai, Christina Aguilera, Mariah Carey, Cam Newton, Bette Midler, Jessica Simpson, Priyanka Chopra, Idina Menzel, HBO's "Last Week Tonight With John Oliver," and Run DMC.

Representatives for Grubman Shire Meiselas & Sacks did not respond to Variety's requests for comment on May 8. As of Saturday morning, the firm's website displayed only its logo. That remains true as I type this post on May 11.

In the type of ransomware attack which appears to have been carried out against the law firm, cybercriminals use the threat of releasing the stolen data as leverage to extort payment of a ransom. In this case, they are threatening nine staggered releases of data if payment is not received.

Variety acknowledged that it was unable to verify the authenticity of the allegedly stolen documents. According to Emsisoft, the hackers posted evidence of the data theft via a forum on the dark web. Not known is the dollar amount that the ransomware group is asking for not making the data public, but I am guessing it is a pretty penny.

The ransomware attack on Grubman Shire Meiselas & Sacks was perpetrated by a group called "REvil," also known as "Sodinokibi," which has previously targeted Travelex, Brooks International and other organizations. Travelex, the U.K.-based currency-exchange company, paid $2.3 million in bitcoin to hackers that had infected its network with viruses, the Wall Street Journal reported last month.

The list of celebrities in the article is long and impressive. Those clients cannot be happy.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson