Campbell Conroy & O’Neil, P.C., a law firm handling hundreds of cases for the world’s leading companies, has announced a large data breach that resulted from a ransomware attack in February 2021.
The firm’s internal investigation revealed that the hackers behind the attack gained access to a database with names, dates of birth, driver’s license numbers/state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data, and/or online account credentials.
Campbell’s client list includes high-profile companies from various industry sectors and some of its current and past clients include Exxon, Apple, Mercedes Benz, Boeing, Home Depot, British Airways, Dow Chemical, Allianz Insurance, Universal Health Services, Marriott International, Johnson & Johnson, Pfizer, Time Warner, and many others.
The nature of the attack appears variable. “Please note that the information varies by individual and for many individuals, a limited number of data types were determined to be accessible,” Campbell says.
Looking at the ramifications that stem from such incidents, for Digital Journal, is Gary Ogasawara, CTO, Cloudian.
Ogasawara says the incident reminds the business world why cybersecurity is of great importance: “As ransomware strategies become increasingly sophisticated and often result in data theft and exploitation, businesses must act immediately to shore up their defenses, particularly for sensitive data.”
It also remains that many firms are exposed to attacks: “A recent survey of those that experienced an attack found that 49 percent had perimeter defenses in place at the time of the attack, but ransomware still penetrated.”
This vulnerability requires action, as Ogasawara states: “This means organizations should encrypt their data both in flight and at rest, so hackers can’t read or expose the data.”
“In addition, and most importantly, they should have an immutable (unchangeable) backup copy of their data, which prevents cybercriminals from infecting it with ransomware. This combination of encryption and immutability ensures complete protection in the event of a ransomware attack and eliminates the need to pay ransom.”