Cyber Incident Victim: Jones Day
Date:
Dec 2020
Location:
United States of America
Summary
A law firm experienced a data breach through a compromised file transfer platform used by its vendor, Accellion, leading hackers to publicly post claimed confidential documents including legal briefs and correspondence. The attackers, associated with the Clop group, asserted possession of over 100 gigabytes of data and attempted ransom negotiations, though the firm denied any direct network intrusion or ransomware incident. It confirmed the vendor’s system was exploited and initiated investigations while engaging with impacted clients and authorities. The incident mirrored breaches affecting other legal entities using the same vendor, though no additional clients acknowledged exposure at the time.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In February 2021, Jones Day confirmed it was affected by a data breach involving Accellion, a third-party file transfer vendor used by the law firm and other organizations. The breach occurred when attackers compromised Accellion’s legacy File Transfer Appliance (FTA) platform, enabling unauthorized access to data. A hacking group known as Clop subsequently posted files allegedly stolen from Jones Day on a dedicated website, including a “confidential mediation brief” addressed to a judge and a cover letter for “confidential documents.” Media outlets, including the Wall Street Journal, verified the authenticity of some posted materials, though Above the Law characterized the leaked content as “relatively mundane.” Clop claimed to possess over 100 gigabytes of Jones Day data and stated it had attempted ransom negotiations with the firm, which were reportedly unsuccessful. Jones Day clarified that its internal networks remained uncompromised and emphasized the incident was not a ransomware attack but a vendor system breach.
Jones Day initiated an investigation upon notification of the Accellion compromise and engaged with affected clients and authorities. The firm issued a public statement denying any direct network intrusion or ransomware involvement, attributing the exposure solely to the vendor’s compromised platform. Concurrently, Goodwin Procter, another law firm using Accellion’s services, disclosed potential client data exposure in early February, though no other Accellion clients acknowledged impacts when contacted by Law.com. The breach highlighted risks associated with vendor dependencies, particularly legacy systems like Accellion’s FTA, which had been discontinued prior to the attack. While the leaked documents did not reveal highly sensitive material, the incident underscored potential vulnerabilities in third-party data handling within legal services. Jones Day maintained ongoing client communications and regulatory coordination as part of its response, with no further disclosures regarding the scope of affected data or remediation timelines.