Long story short, hackers have stolen data from multiple companies and posted it online. Some of those companies are law firms and some of the data that has been posted is extremely sensitive – information relating to veterans’ PTSD claims, for example.
I’ve chosen a section of the document that doesn’t include any personal information for obvious reasons. The problem is that companies aren’t disclosing these incidents, so people don’t know that their names, addresses, social insurance numbers, medical history has fallen into the hands of cybercriminals and that they should set up credit monitoring, etc.
The hacker group Maze has re-listed the Texas law firm Baker Wotring on its site under the heading “full dump” and has now released the firm’s data. The data includes pain diaries from personal injury cases, fee agreements, HIPPA consent forms and more. Baker Wotring once again declined to return requests for comment.
Maze had taken Baker Wotring’s name off its list late last week, leading to the conclusion that the firm paid the hacker’s ransom. The republishing of the firm name and the data dump suggest otherwise
and from the ABA:
Two law firms are grappling with the effects of recent cyber intrusions.
The 11-lawyer Texas law firm Baker Wotring had its data exposed by hackers, including fee agreements and diaries from personal injury cases, Law.com reports.
A second firm, Wilson Elser Moskowitz Edelman & Dicker, responded to suspicious activity on its network by taking it offline, Law360 reports. A law firm press release is here.
Wilson Elser said lawyers are accessing emails through a remote system, its phone system is working, and its offices are open. There is no indication, at this point, that any client data has been compromised, the firm said in the Feb. 10 statement.
Baker Wotring’s data, on the other hand, was exposed in what the hacking group Maze called a “full dump,” according to Law.com. Maze hacks into targets and seizes their data, then seeks to expose it unless a ransom is paid.
Baker Wotring is one of at least five law firms targeted by Maze since last month.
In past incidents, Maze has sought a ransom in the range of $1 million to $2 million.