Law firm Bryan Cave Leighton Paisner Victim of Major Cyber Attack
Law firm Bryan Cave Leighton Paisner (BCLP) has reported a significant cyber attack. In the attack, the sensitive data of more than 50,000 current and former employees of snack food conglomerate Mondelēz International was exposed. Mondelēz International, known for producing popular snack foods like Oreo cookies and Ritz crackers, was inadvertently affected due to its association with BCLP.
The Cyber Security breach, discovered by BCLP in late February, included areas involving client files. The stolen data encompasses personal data, including; employee names, birth dates, Social Security numbers, home addresses and more. Upon discovery, the law firm launched a robust investigation, enlisting the help of an external cyber security forensics firm, notifying law enforcement and affected stakeholders. BCLP informed Mondelēz of the breach on March 24th, 2023, and Mondelēz confirmed on May 22nd, 2023 that it had ascertained the identities of those impacted and had begun notifying the affected individuals.
Mondelēz International Responds to Breach
Mondelēz International responded to the situation by stating, “We take the security of our employee data very seriously.” The company took immediate action once notified about the situation, and they are continuing to work with partners to provide impacted employees with appropriate assistance.
The Mondelēz notice clarified that the cyber attack did not directly involve or affect their company’s systems and that the impact on employees was solely due to the breach at BCLP. The Maine attorney general’s office confirmed that 51,110 people were affected by the breach.
The incident shows that even companies not directly targeted in a cyber attack can still be significantly impacted due to their associations with breached entities in their supply chain.
Widespread Cyber Attacks on Big Law Firms Highlight Urgent Need for Improved Security
This incident underscores the increasing frequency of cyber attacks on law firms, which has seen a worrying escalation in recent years. Such breaches often involve sensitive data of both the firms and their clients, highlighting the need for improved security protocols within the industry.
Similarly, earlier this year, Proskauer Rose confirmed a similar breach that exposed its clients’ sensitive financial information to hackers. In 2021, data from Goodwin Procter and Jones Day was exposed through a breach at tech provider Accellion, now known as Kiteworks. The firms confirmed the breach resulted in confidential client data exposure. Covington & Burling faced an attack in 2020 that possibly exposed nonpublic information involving about 300 corporate clients. And only recently the Australian law firm HWL Ebsworth announced that it has been the target of a Cyber Attack which resulted in the breach of government data.
These incidents highlight a clear pattern of persistent security threats facing law firms and the need for comprehensive cyber security measures to ensure the protection of sensitive client data.
One2Call work with businesses across the UK to ensure that their business is secure from cyber attacks that could threaten them. We work to understand your current level of Cyber Security and advise the best solutions to ensure that your business is protected against the latest cyber threats. Our Cyber Security Self Assessment form, which can be downloaded below, covers all of the key pillars of a comprehensive Cyber Security solution such as;
- Active Email Threat Protection: This Monitors your Email for Phishing and Targeted Attacks. Using advanced artificial intelligence tools, it is able to monitor for changes in language, brand impersonation attempts, malicious files, check links for legitimacy and much more.
- Endpoint Detection & Response: Compared to Traditional Signature Based Anti-Virus which can only monitor for known viruses, Endpoint Detection & Response uses Artificial Intelligence to monitor for unusual, suspicious or malicious activity on any of your endpoints/devices and stop it in its tracks.
- Dark Web Monitoring: Do you know what the Dark Web is? Do you know if any of your business account credentials could be available on the dark web for anyone to find and use to access your accounts? Our Dark Web monitoring service scours the Dark Web to find if your details have been leaked and notify us and you, so that we can work with you to help you secure your online accounts.
- Multi-Factor Authentication: MFA/2FA can secure you accounts against unauthorised access, even if your account details have been leaked on the dark web, without your unique 2FA/MFA code malicious threat actors can not access your accounts. We can work with your business to implement Multi-Factor Authentication across your accounts.
- Backups: A strong Backup Policy ensure that your business can recover from data loss or encryption attacks quickly and easily. Cyber Attackers have become smart to businesses using a comprehensive backup solution and in recent years have started to target these as part of their attacks, this is why we have implemented Immutable Backups. These backups are “Read Only” meaning that they can not be deleted or targeted as part of a cyber attack, ensuring that you always have a backup to recover from.
- MUCH more, including; Password Policies, Security Awareness Training, Patch Policy Management, SIEM/Log Management, Mobile Device Management & Security, Firewall & Encryption.
To find out about all of this and much more, download our FREE Cyber Security Self Assessment form where we can work with you to ensure that your business has the best Cyber Security policies in place to protect your business data.
Latest News Stories
Reddit Hackers Threaten to Release Stolen Data Unless API Changes Reversed
The BlackCat ransomware criminal group, also known by the alias ALPHV, has demanded a $4.5 million ransom and the revocation of planned API pricing changes from Reddit. The group has warned that failure to meet their demands will result in the publication of 80GB of...
U.S. Energy Department and Other Agencies Compromised in MOVEit Cyber Attack
Several U.S. government agencies, including the U.S. Energy Department, have announced that they are among the businesses who have fallen victim to the MOVEit Cyber Attack. Officials reported on Thursday June 15th that data was compromised at two entities within the...
Pharmaceutical Companies Data Reportedly Stolen in Ransomware Attack
The Russia-linked ransomware group LockBit has claimed responsibility of a Cyber Attack which they launched on the Indian pharmaceutical company Granules India, as proof of the attack they have revealed segments of the supposedly stolen data. The presence of Granules...
Our Customers
Testimonials
Harry Lynford, Image Data
Great service and very helpful.
Emily Laycock, CFS Formations
Very friendly and helpful over the telephone. Engineers worked fast to fix our issues.
Pete Richardson, DALP
Always provide very prompt support. Excellent.