Hacked Law Firm Informs Celeb Clients Including Lady Gaga And Madonna Of Data Breach – Experts Insight

As reported by Variety, major media and entertainment law firm Grubman Shire Meiselas & Sacks said that after its internal data systems were hacked — and a vast trove of information on its clients was stolen — it has informed its roster of A-list clients of the breach. “We can confirm that we’ve been victimized by a cyberattack,” the New York-based firm said in a statement to Variety. “We have notified our clients and our staff. We have hired the world’s experts who specialize in this area, and we are working around the clock to address these matters.”

News of the hack surfaced last week, after a hacker group claimed it infiltrated the Grubman Shire Meiselas & Sacks network and stole a whopping 756 gigabytes of documents on multiple music and entertainment figures. Those include clients past and present, among them: Lady Gaga, Madonna, Nicki Minaj, Bruce Springsteen, Mary J. Blige, Ella Mai, Christina Aguilera, Mariah Carey, Cam Newton, Bette Midler, Jessica Simpson, Priyanka Chopra, Idina Menzel and Run DMC, the hackers claimed.

Experts Comments

May 13, 2020
Hugo Van den Toorn
Manager, Offensive Security
Outpost24
Paying ransom does not guarantee that the attackers will not do anything with the data. As a matter of fact, the worst has already happened; the company’s reputation has been impacted. Paying and dealing with the threat actors might therefore be the absolute last resort. Depending on the scale: Investigating the matter, informing customers in full and making sure it does not ever happen again so starting from scratch might be the best way forward here. REvil/Sodinokibi is a strain of ransomware, the threat actor group itself is called ‘GOLD SOUTHFIELD’: The REvil (also known as Sodinokibi) ransomware was first identified on April 17, 2019. It is used by the financially motivated GOLD SOUTHFIELD threat group
May 13, 2020
Jonathan Knudsen
Senior Security Strategist
Synopsys
Ransomware is effective and devastating because it allows hackers to sell information back to the people who value it most—the victims. As with other ransom situations, it is also impossible to know if paying the ransom will make your problem go away. Even if you regain access to your own information, your attacker might still have a copy of the information and be able to resell it to other interested parties. Personal information is valuable by itself, but personal information about celebrities is even more valuable. The attackers in this case have, unfortunately, perpetrated a crime with deep impact. Like the celebrities whose information is now in jeopardy, we all interact with organisations every day that might result in a situation like this. It is impossible to evaluate the security posture of every business where you have sensitive information, and for the most part, we must rely on a system of trust. Businesses can reduce the risk of a catastrophic breach by taking a proactive, security-first stance and following industry best practices in designing and implementing their technology solutions.
May 13, 2020
Tim Erlin
VP of Product Management and Strategy
Tripwire
The overwhelming tendency is to focus on the ransomware itself in these types of cases, but ransomware doesn’t magically appear on a system. Organizations that are concerned about ransomware should assess how well they’ve deployed basic controls like vulnerability management, secure configurations and email protections. The first line of defense against ransomware is to prevent it from getting inside in the first place. Ransomware makes headlines, in part, because it’s always detected. It has to be, in order to get the ransom paid. Keep in mind that if self-announcing ransomware can get in, so can much more stealthy attackers.
May 13, 2020
Francis Gaffney
Director of Threat Intelligence
Mimecast
Attacks like this one are becoming more common and really highlight the need for organisations to take data protection seriously. It is clear that businesses are still struggling with large-scale data breaches and this is particularly worrying for those in the legal sector, as they often deal with very sensitive information. When somebody trusts you with such important information, it is vital that you adequately protect it, know exactly where it is stored, and who is able to access it. The financial penalties for these breaches drastically outweigh the cost of investing properly in appropriate security and data management solutions. It is also not just the financial penalties that businesses face, but the damage to their reputation as well. Once this happens, brands often lose the trust of consumers and partners and this can be a struggle to recover. This is particularly relevant in this case, with the data belonging to such high-profile individuals.
May 13, 2020
Sam Curry
Chief Security Officer
Cybereason
Human beings are the single biggest asset cyber criminals have in extorting money, and specifically in the case of the breach of the Grubman law firm. This breach appears to be a surgical strike against Grubman, knowing they represent many of the biggest celebrities in the world. The million dollar question is how much personal information the hackers have obtained and how real are their threats? This is no laughing matter. And what are the ransom demands of the hackers? If the hackers have obtained personal information of these celebrities, will they give Grubman the encryption keys and return stolen files if the ransom demands are met? Unfortunately, there are no longer any guarantees for companies that decide to pay a ransom because there is less and less honesty amongst these cyber criminals. Paying a ransom no longer guarantees a return of proprietary information. The longer term issue for Grubman, other law firms and any organisation is what approach are they taking to secure private information. Today, it's no longer a matter of if, but when a breach will occur. Every company has been hacked, most many times over, and it comes down to how quickly a company identifies malicious activity and stops it. In the case of Grubman and their large list of A-list celebrities, most if not all of them are sweating out the current situation and hoping the damage will be minimal.
May 18, 2020
Colin Bastable
CEO
Lucy Security
If you don't patch people as part of an integrated cybersecurity strategy, you get to make statements like “We are grateful to our clients for their overwhelming support and for recognizing that nobody is safe from cyberterrorism today.” That client support will turn to overwhelming lawfare if the celebrities feel pain. If people need a lesson on how hackers fuse psychology, marketing and "impending event" sales closing, this is a perfect case study in the black art of hackstortion. Doubling down and leveraging Donald Trump’s brand value is perfect. No downside for the hackers, no upside for the victims and all grist for the media mill, because someone fell for a phishing email. If state-of-the-art security technology worked, we would not be suffering from these relentless attacks. A holistic approach to cybersecurity mandates that people are treated as part of the security ecosystem – they can either be weak links in the chain of security or they can be positive reinforcements in the defenses. But they must be tested and trained as an ongoing security process. This is a classic case study in why hackers are always at an advantage – they leverage human behavior, psychology, marketing and sales techniques as well as current affairs, to create an environment that is conducive to their goals. There is little risk, if any, to them. For the victims, it is lose-lose. The law firm is caught between a hacking rock and a client base hard place. For every other law firm, ensure that all partners and staff are mandated to undergo training. We know that some partners and senior lawyers (like other high-powered professionals) dislike being required to undergo security awareness training – they are super-smart people and may get angry if they are “caught out” by simulated phishing attacks and forced to sit on the naughty step.
May 13, 2020
Ilia Kolochenko
Founder and CEO
ImmuniWeb
Law firms are increasingly becoming desirable targets of sophisticated cyber gangs. It is often much easier and faster to breach a mid-sized law firm to get ultra-confidential data compared to targeting its large clients directly, such as banks or celebrities as reportedly happened in this case. In a highly competitive and now digitally-disrupted legal services market, few law firms are prioritising investment into holistic cyber resilience and defense, understand their attack surface, let alone conduct sufficient employee training. Furthermore, a considerable number of law firms have no incident detection and response capacities, often leaving them unable to detect an intrusion in a timely manner. Worse, modern law firms have to deal with diversified digital flow of sensitive and privileged data on their mobile phones, laptops and office computers. Partners and clients exacerbate this convoluted landscape by uploading confidential documents to public cloud or file sharing websites. Moreover, even if a data breach is detected, a not insignificant number of law firms would prefer to keep the incident as silent as possible to avoid disastrous reputational damage and acrimonious lawsuits from their clients. Ultimately, law firms are a low hanging fruit for cybercriminals, enabling the latter to get their hands on crown jewels of major organizations without spending much effort.
May 13, 2020
Jake Moore
Cybersecurity Specialist
ESET
All companies are at risk of daily attacks, but some attract further attention due to the kudos or media value they may possess. Celebrity hacks have always gained global attention and can therefore cause more damage, and this in turn loads those companies with extra pressures to pay out. This excerpt of data already released acts as a warning shot to the firm and shows that the attackers mean business. However, there is still no real evidence that the further hundreds of gigabytes are really in the attacker’s possession. This will be a difficult decision to make, but I always advise companies not to pay the demands. The hackers do not obey normal morals and if they do have the firm’s data they could very easily still release it at any time, or in fact increase demands further.