Jones Day, the powerhouse law firm known for high-profile clients and cases—including aiding former President Donald Trump’s efforts to overturn his 2020 election loss—confirmed Tuesday some of the firm’s “information” had been “taken” through a hack targeting one of its vendors.
In statements to reporters at the American Lawyer and the Wall Street Journal, Jones Day maintained that its network had not been breached, blaming a third-party file sharing product instead. The company that makes it, Accellion, confirmed in January that one of its products had been compromised, disclosing that “less than 50 customers” had been effected. An early February update from the company said it had become aware of an initial attack in mid-December that continued into January 2021.
The emails were posted to Cl0p Leaks, a dark web site where other stolen data has been shared, on February 9. It’s unclear who exactly is behind the breach. A message sent to the site’s support email addresses was not immediately returned. But the Wall Street Journal reported that people claiming to be behind the theft have said they had “over 100 gigabytes of data.” Vice reported Tuesday that the same attackers claimed they tried to engage Jones Day in talks about the stolen material but didn’t hear back. “We hacked their server where they stored data,” they told Vice. “On attempts to ‘settle’ they responded with silence and we had to upload the data.”
“Cl0p” refers to a variant of ransomware, software designed to lock a victim’s computer files until a ransom is paid. Brett Callow, a threat analyst with cybersecurity firm Emisoft, says there’s some debate as to who is behind the Cl0p Leaks site, but others have linked it to a prolific ransomware group with a history of financially extorting major targets. On its dark web site, that group claims it has “never attacked hospitals, orphanages, nursing homes, charitable foundations, and we will not,” but noted that it will attack commercial pharmaceutical organizations since “they are the only ones who benefit from the current pandemic.” The people behind the site also claim that they’ll help businesses fix holes and vulnerabilities that allow people such as themselves to steal and post their data for a fee: $250,000 in bitcoin.
“As Clop posted Jones Day’s data, it would seem that they were responsible for hacking the [the third party’s service], or they purchased or otherwise obtained the data from whichever threat actor was really responsible,” Callow said. “Neither option is good: Clop may have the data obtained via hacks of other [file transfer services]—which could be posted online—or an unknown third-party may be selling that data.”
Even before Jones Day worked with Trump on his election cases last fall, the firm was among the most prominent in the country, with over $2 billion in revenue and more than 2,000 lawyers, some of whom maintain ties to the highest echelons of Republican politics. Don McGahn, Trump’s onetime White House counsel, was a Jones Day partner prior to taking that post and returned after he left. The firm has been involved in roughly 20 election-related lawsuits on behalf of Trump or the Republican Party, the Times reported. After the election a group of anonymous senior lawyers at the firm told the New York Times that they were worried Jones Day’s work for Trump helps “undermine the integrity of American elections.”
The American Lawyer reported that Jones Day is the second law firm to confirm having been part of the Accellion breach after, Goodwin Procter, admitted involvement in January.