IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Donald Trump’s one-time law firm allegedly suffers data breach

Hackers claim to have stolen 100GB of confidential files belonging to the Jones Day law firm

Data breach

Hackers claim to have stolen confidential files belonging to the Jones Day law firm, which once represented former-president Donald Trump. The hackers allegedly posted sensitive files on the dark web, but the law firm denies the breach occurred.

DataBreaches.net initially reported the attack, which is thought to involve the Clop ransomware gang. The hackers claimed to have obtained 100GB of data from the law firm and published redacted files to prove their attack. The gang has demanded a $20 million ransom payment in return for a decryption key.

The law firm disputed the hackers' claims that they breached its network. However, it did say a file-transfer platform it used was recently compromised, affecting the firm’s data. The compromised platform belongs to California-based cloud computing company Accellion.

“Jones Day has been informed that Accellion’s FTA file transfer platform, which is a platform that Jones Day—like many law firms, companies, and organizations—used was recently compromised and information taken,” a spokesperson for the firm said in a statement to Bloomberg Law. 

“Jones Day continues to investigate the breach and has been, and will continue to be, in discussion with affected clients and appropriate authorities.”

The Wall Street Journal said it’s not only seen some breached files, but it could also “see the existence of many more files — mammoth in size — also purported to belong to Jones Day.”

James McQuiggan, Security Awareness Advocate at KnowBe4, told IT Pro that like the SolarWinds supply-chain attack, the cyber criminals are focusing their attacks on those third parties and service providers that support many customers.

“These organizations will want to review and elevate their security programs to ensure they do not suffer a breach, leading to a similar compromise. These attacks damage the organization’s customers and clients and damage the reputation and possible bottom line for that organization,” McQuiggan said. 

“With an organization that provides large file transfers, one consideration for them to protect their data is to encrypt the data before transferring it and to protect it from the third-party provider. Upon delivery to the receiver, they would have the key to decrypt and view the data."

Related Resource

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

cost of a data breach report 2020 - whitepaper from IBMDownload now

Martin Jartelius, CSO at Outpost24, told IT Pro what we’re seeing now are the effects of the Accellion intrusion from December.

“It’s an external file sharing solution that’s decades-old and has been used by several organizations. As we are seeing more and more data related to the breach hitting the news, other organizations that have used the services should review and prepare processes to inform any clients and any individuals for whom data has been processed on this platform,” Jartelius said. 

“Noting that we are approaching a two-month mark from when the breach likely occurred, those who suspect they may be affected should consider informing any affected data subjects at the soonest in line with current privacy legislation and not wait and hope for the best.”

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Mastering endpoint security implementation
Security

Mastering endpoint security implementation

18 May 2022
The Total Economic Impact™ of Apple Mac in Enterprise: M1 update
Whitepaper

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022
Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022
Dell Technologies World 2022: Dell unveils security offerings for major cloud providers
public cloud

Dell Technologies World 2022: Dell unveils security offerings for major cloud providers

3 May 2022

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Researchers demonstrate how to install malware on iPhone after it's switched off
Security

Researchers demonstrate how to install malware on iPhone after it's switched off

18 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022