Cyber Incident Victim: Lewis Brisbois
Date:
Jun 2026
Location:
United States of America
Summary
Lewis Brisbois experienced a cyberattack that involved social engineering calls posing as internal IT staff to obtain credentials. In response the firm blocked external network access and instructed remote and hybrid employees to work onsite or take firm‑issued computers home while additional equipment is procured. The attack prompted a warning about attempted hacks and led to plans to permanently prohibit personal device use for system access. Managing partner Greg Katz, who assumed leadership after a period of significant turnover, appointed new technology and information security chiefs to strengthen defenses.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 5, 2026, Curtis Hendzell, the information security director of Lewis Brisbois, sent a firmwide email warning employees that cyber criminals were calling staff, including on cellphones, posing as internal IT department personnel and falsifying caller ID to request urgent action to secure accounts. He noted that reports of such attempts were coming from across the firm. The tactics described matched those used by the Silent Ransom Group, which had previously victimized law firms such as Jones Day and Fox Rothschild. An FBI bulletin issued in May 2026 had warned that the group was targeting law firms through social engineering techniques, including phone calls, emails, and in‑person visits that pretended to be IT support. This warning preceded any public acknowledgment of a successful breach at Lewis Brisbois.
Five days later, on June 10, 2026, Elijah Bernal, an office administrator overseeing the firm’s vendor relationships, emailed lawyers and staff that all remote and hybrid employees must either work from the office or bring their firm‑issued computer setup home until additional equipment could be purchased and distributed. Bernal stated that the firm was scrambling to obtain more computers and devices for those employees. He also said that Lewis Brisbois expects to permanently ban employees from accessing systems through personal devices. For employees who work from home, the firm offered two options: work onsite or bring their office setups home, noting that bringing equipment home may present some challenges with Wi‑Fi connectivity. For those who are absolutely unable to work in the office, Bernal asked employees to request a temporary work solution.
Lewis Brisbois, founded in Los Angeles, employs more than 1,600 attorneys across the country. The article notes that it is not clear whether hackers were able to successfully infiltrate the firm’s network during the incident. Despite earlier efforts to upgrade its technology infrastructure, the recent siege on the firm’s systems shows that it remains vulnerable to bad actors. Managing partner Greg Katz, who assumed leadership after a tumultuous period in 2023 that saw more than 100 lawyers leave, had installed new chiefs of technology and information. The firm’s response to the cyberattack included blocking outside access to internal networks and requiring remote staff to return to offices or secure their equipment.