Fortune 500 law firm hit by ransomware attack

US-based legal giant Campbell Conroy & O’Neil that serves Fortune 500 firms, including Apple and Pfizer, is continuing its investigation on a ransomware attack that resulted in unauthorized access to certain client data.

The law firm says it “alerted the FBI of the incident” and posted a breach notification on its website because “the investigation thus far determined that certain information relating to individuals was accessed by the unauthorized actor.”

In addition to Apple and Pfizer, the firm’s clients include dozens of Fortune-500 and Global 500 companies, such as Marriott International, Boeing, British Airways, Allianz Insurance, Johnson & Johnson and Mercedes Benz.

The law firm says that the attack has now been contained and that there is no active threat to the firm’s network. It did not specify if any data was exfiltrated or leaked. It reported that one of the systems accessed by the hackers that contained sensitive personal information was encrypted by the intruders. 

Campbell Conroy & O’Neil said it became aware of unusual activity on its network on Feb. 27 and conducted an investigation that determined ransomware was involved.

Regarding the delay in reporting, it said: “It takes time to review the data accessed by the unauthorized actor and to determine notification obligations.”

The law firm told ISMG that it was the target of a ransomware attack “which prevented access to certain files on the system. In response, Campbell began working with third-party forensic investigators to investigate the full nature and scope of the event and also alerted the FBI of the incident.”

The firm has notified individuals whose information was accessed by the unauthorized actor. It says the breached system contained individuals’ names, dates of birth, driver’s license numbers/state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data and/or online account credentials, such as usernames and passwords. 

The firm says it’s working with third-party forensic investigators to investigate the full nature and scope of the event and to determine what information may have been exposed.

The law firm said it was reviewing its policies and procedures and working to implement additional safeguards to further secure its information systems, saying its systems are now “fully operational” and it “does not anticipate any significant impact to ongoing litigation nor to our representation of our valued clients.”