Cyber Incident Victim: Mason Law Office
Date:
May 2018
Location:
United States of America
Summary
Mason Law Office experienced unauthorized access to their mycase.com system, resulting in potential exposure of client names, Social Security numbers, driver’s license details, contact information, and privileged legal documents including case notes, financial statements, and attorney communications. While the attackers deleted case data and altered administrative settings, the firm stated they routinely redacted identifiable financial information prior to upload and did not store payment data within the compromised platform.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or about May 5, 2018, Mason Law Office in Sacramento discovered evidence of unauthorized access to mycase.com, a platform used to manage client case information. The breach involved an unknown individual or group gaining entry to the system, though the specific method of access remained unclear despite the firm having implemented all security measures offered by the software provider. During the intrusion, client data was potentially accessed, case information was deleted, and unauthorized administrative changes were made to the system. The law office initiated a joint investigation with mycase.com to determine the full scope of the incident, including the extent of information compromised. They committed to contacting affected clients if case-specific impacts were identified through their ongoing forensic review. The firm promptly notified impacted individuals and submitted a copy of their breach notification to the California Attorney General’s Office as part of regulatory compliance efforts.
The compromised data included any information uploaded to mycase.com, specifically client names, Social Security numbers, driver’s license numbers, phone numbers, email addresses, and legally privileged materials such as case notes, legal documents, evidence files, financial statements, photos, invoices, transcripts, trust balance records, and attorney-client communications. Notably, the firm emphasized its standard practice of redacting identifiable account information from financial statements, tax returns, and disclosure documents before uploading them to the platform. Payment information, including credit card details used for trust account transactions, was never stored in mycase.com, as the firm utilized separate bank-approved payment software for financial operations. While administrative system changes and data deletions occurred during the breach, the notification clarified that no payment systems or externally processed financial data were directly compromised through this incident. The law office maintained its investigation into the attack’s consequences while underscoring these procedural safeguards designed to limit exposure of sensitive financial identifiers.