Cyber Incident Victim: Lightfoot, Franklin & White, LLC
Date: Apr 2021
Location: United States of America
Summary
Lightfoot, Franklin & White, LLC, a Birmingham-based law firm specializing in commercial litigation and related legal services, experienced a ransomware attack compromising clients' case files containing sensitive personal information, including Social Security numbers, government-issued identification, and medical details. The firm contained the incident promptly, engaged external investigators, notified law enforcement, and paid a ransom in exchange for the threat actor's unverified claim of data destruction. Approximately 6,145 affected clients were notified and offered dark web monitoring services, though the firm found no evidence of data misuse at the time of disclosure.
Description
On April 17, 2021, Lightfoot, Franklin & White, LLC, a Birmingham-based law firm specializing in commercial litigation, product liability, and white-collar criminal defense, detected and halted a ransomware incident. The unauthorized third-party attackers gained access to specific client case files containing personal information of individuals associated with legal matters, including plaintiffs, defendants, witnesses, and non-parties. The compromised data included Social Security numbers, government-issued identification, and health or medical information. The firm confirmed that 6,145 clients were affected by this unauthorized access or acquisition of data. No evidence indicated misuse of the exposed information at the time of notification. The incident was confined to client case files, though the specific systems or attack vectors exploited were not disclosed in the firm’s communication.

Upon discovery, the firm immediately contained the incident, engaged external consultants to investigate, and notified law enforcement. To prevent potential disclosure or misuse of the compromised data, the firm reached a resolution with the threat actors, resulting in confirmation from the attackers that the data had been destroyed—though the notification did not explicitly state whether a ransom payment was made. Lightfoot arranged for dark web monitoring to detect potential exposure of the affected information and offered mitigation services such as credit monitoring to impacted individuals. The firm did not disclose the identity of the threat actors, the ransom amount, or technical details about the ransomware variant. Client notifications focused on the nature of the exposed data, steps taken to resolve the incident, and protective measures provided, without elaborating on operational disruptions or broader organizational impacts beyond the data compromise.
