Cyber Incident Victim: Bricker & Eckler LLP

Date: Jan 2021

Location: United States of America

Summary

A ransomware attack compromised an Ohio law firm, Bricker & Eckler LLP, enabling unauthorized access to sensitive data including names, addresses, medical and educational records, driver’s licenses, and Social Security numbers. The breach impacted approximately 350 individuals associated with Michigan State University’s Title IX investigations through the firm’s contractor, INCompliance Consulting, exposing case files, reports, and emails, with six individuals experiencing personal data leaks. While the law firm recovered the accessed data, it acknowledged potential copying by attackers; MSU confirmed its internal systems remained secure and that ongoing cases were unaffected.

Description

The ransomware attack on Ohio-based law firm Bricker & Eckler LLP occurred between January 14 and January 31, 2021, when an unauthorized party gained access to the firm's systems. The attackers exfiltrated sensitive data including names, addresses, medical information, education records, driver's license numbers, and Social Security numbers. Bricker & Eckler served as legal counsel for INCompliance Consulting, a contractor managing Title IX investigations for Michigan State University (MSU). The compromised systems contained case files from INCompliance's work with MSU's Title IX program, exposing approximately 350 individuals involved in these investigations. Six specific individuals directly participating in Title IX cases had their personal information stolen. The law firm successfully recovered its data but acknowledged attackers might have copied the information during the breach period.

MSU confirmed its own systems remained secure and emphasized the breach originated entirely within Bricker & Eckler's infrastructure. The university stated the incident would not affect ongoing Title IX cases or investigations. Exposed documents included Title IX investigation reports, email communications, and case-related materials handled by INCompliance through its partnership with Bricker & Eckler. No evidence suggested broader dissemination of stolen data beyond the initial attackers at the time of disclosure. Bricker & Eckler implemented recovery procedures following the ransomware incident but did not specify whether a ransom was paid or detail technical containment measures. MSU coordinated notification efforts for affected individuals while maintaining operational continuity in its Title IX program.
