Boston-based Campbell Conroy & O’Neil, one of the largest law firms in the United States, has disclosed they suffered a ransomware attack. The firm, colloquially known as “Campbell,” has an array of Fortune 500 clients that cover numerous industries and include prominent corporate names like Nissan, Home Depot, and even the much-maligned Monsanto. As this is the case, a hacker could theoretically access a large swath of lucrative data in a successful attack.
Campbell broke the news of the ransomware incident via an official press release that reads partly as follows:
On February 27, 2021, Campbell became aware of unusual activity on its network. Campbell conducted an investigation and determined that the network was impacted by ransomware, which prevented access to certain files on the system. In response, Campbell began working with third-party forensic investigators to investigate the full nature and scope of the event and to determine what information may have been impacted and to whom the information relates. Campbell also alerted the FBI of the incident. Campbell is providing notice because the investigation thus far determined that certain information relating to individuals was accessed by the unauthorized actor.
Campbell Conroy & O’Neil did not name the attacker responsible, nor did they state how the threat actors breached the network. Additionally, the law firm stated that they could not confirm what information, if any, was definitively accessed in the attack. They did reveal, however, that a large amount of personal information was potentially exposed. This includes the following as stated in the press release:
...certain individuals’ names, dates of birth, driver’s license numbers / state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data, and/or online account credentials (i.e. usernames and passwords).
Campbell Conroy & O’Neil is offering two years of free access to various services to counteract any identity theft or financial fraud attempts.
Featured image: Shutterstock