Cyber Incident Victim: TBG West Insurance
Date: Mar 2020
Location: United States of America
Summary
A ransomware attack on vendor TBG West Insurance compromised sensitive employee information from a major law firm, potentially exposing Social Security numbers of current and former personnel. The breach did not affect the firm's internal systems or client data. Separately, unauthorized code inserted via third-party software on bar association websites may have harvested members' credit card details. Both incidents stemmed from vulnerabilities in external service providers rather than direct breaches of the organizations' own infrastructure.
Description
A ransomware attack targeting TBG West Insurance, a vendor serving Cadwalader, Wickersham & Taft, occurred on or around March 27, 2020. During this incident, unauthorized actors compromised TBG West's systems and potentially accessed sensitive information belonging to current and former employees of the law firm. Cadwalader became aware of the breach in July 2020 when forensic analysis revealed that employee data held by the vendor—including Social Security numbers—may have been exfiltrated. The breach notification explicitly stated that Cadwalader's internal systems remained unaffected, with no compromise of client data or firm-operated infrastructure. Cadwalader reported the incident to the Massachusetts Office of Consumer Affairs, confirming the breach originated solely within the vendor's environment.

The incident's primary impact centered on the potential exposure of personally identifiable information (PII), specifically Social Security numbers, of Cadwalader personnel. No operational disruption occurred at the law firm itself due to the isolation of the breach to TBG West's systems. Cadwalader's public communications emphasized the absence of client data involvement and the containment of the breach to the vendor's infrastructure. While the exact number of affected individuals was not disclosed, the firm undertook regulatory notifications consistent with state breach disclosure requirements. The ransomware attack on TBG West also coincided with separate cybersecurity incidents involving the New York City Bar Association and Chicago Bar Association, though those breaches stemmed from unauthorized code injections on their websites and were unrelated to the TBG West ransomware event.
