Cyber Incident Victim: Bryan Cave Leighton Paisner LLP
Date: Feb 2023
Location: United States of America
Summary
A cybersecurity breach at law firm Bryan Cave Leighton Paisner compromised sensitive personal information of over 51,000 current and former Mondelez International employees. Unauthorized actors accessed the legal services provider's systems over multiple days, exfiltrating data including Social Security numbers, names, addresses, dates of birth, genders, employment details, and retirement plan information. The incident did not affect Mondelez's own networks. Upon detecting the intrusion, the law firm engaged external cybersecurity forensics experts, coordinated with law enforcement, and subsequently alerted Mondelez about the data exposure. The affected individuals were notified after Mondelez completed its internal review, with the company offering two years of complimentary credit monitoring services. No financial account information was accessed in the breach.
Description
On February 23, 2023, unauthorized actors gained access to the systems of Bryan Cave Leighton Paisner LLP, a law firm providing legal services to Mondelez International. The intrusion continued undetected until February 27, when the firm identified anomalous activity; the breach was contained by March 1. Neither Bryan Cave nor Mondelez disclosed the exact intrusion method, data exfiltration volume, or whether ransomware demands accompanied the incident. Forensic analysis confirmed the attackers obtained sensitive personal information belonging to 51,110 current and former Mondelez employees, including full names, Social Security numbers, addresses, dates of birth, marital status, gender identifiers, employee identification numbers, and retirement plan details. Mondelez emphasized that its own corporate networks remained unaffected and that the compromise was limited to the infrastructure of Bryan Cave, which was acting as a third-party data custodian. No financial account information or credit card data was accessed during the incident.

Bryan Cave engaged an external cybersecurity forensics firm upon detecting the breach, notified law enforcement, and initiated containment protocols. Mondelez was formally informed on March 24, 2023, following the law firm's confirmation that Mondelez employee data had been specifically targeted. Over the ensuing two months, Mondelez conducted an internal review to identify affected individuals, finalizing the scope by May 22 before issuing notifications to impacted personnel. The breach disclosure to employees included an offer of 24 months of complimentary credit monitoring services, though Mondelez stated no evidence existed of actual misuse of the stolen data. Bryan Cave maintained operational continuity throughout its investigation, assuring clients of uninterrupted service while coordinating with authorities. The incident occurred against the backdrop of Mondelez's prior experience with the NotPetya cyberattack, though Bryan Cave had no involvement in that unrelated legal matter. Neither organization provided further details on attack attribution or long-term mitigation measures beyond the confirmed containment window and stakeholder notifications.
