Cyber Incident Victim: Campbell Conroy & O'Neil, P.C.

Date: Feb 2021

Location: United States of America

Summary

A ransomware attack compromised a law firm advising numerous Fortune 500 and Global 500 companies across sectors such as automotive, aviation, and healthcare. The incident disrupted network access and exposed sensitive personal information, including names, Social Security numbers, financial data, medical records, and credentials. While specific evidence of data misuse was not confirmed, the firm provided affected individuals with credit monitoring and identity theft services. The breach raised concerns about potential secondary impacts on corporate clients, as ransomware operators frequently exfiltrate data before encryption. Forensic experts and law enforcement were engaged to investigate the intrusion.

Description

On February 27, 2021, Campbell Conroy & O'Neil, P.C., a U.S. law firm representing numerous Fortune 500 and Global 500 companies, detected unusual activity on its network. The firm initiated an investigation that confirmed a ransomware attack had compromised its systems, restricting access to certain files. Campbell engaged third-party forensic investigators to analyze the breach and reported the incident to the FBI. The investigation revealed that threat actors accessed sensitive personal information stored on affected devices, though no definitive evidence confirmed the theft of specific records per individual. Exposed data included names, dates of birth, driver’s license or state ID numbers, financial account details, Social Security numbers, passport numbers, payment card information, medical records, health insurance data, biometric information, and online account credentials. The firm issued a public breach notification and offered 24 months of complimentary credit monitoring, fraud consultation, and identity theft restoration services to individuals whose Social Security numbers or equivalent identifiers were exposed.

The ransomware attack posed significant risks due to Campbell’s client portfolio, which spanned high-profile sectors such as automotive, aviation, energy, insurance, pharmaceuticals, retail, hospitality, and transportation. Clients included Exxon, Apple, Mercedes Benz, Boeing, Home Depot, British Airways, Dow Chemical, Allianz Insurance, Universal Health Services, Marriott International, Johnson & Johnson, Pfizer, and Time Warner. The incident raised concerns about potential secondary breaches affecting these corporate entities, as over 20 ransomware groups were known to exfiltrate data before encryption. Campbell’s disclosure coincided with heightened U.S. government attention to ransomware threats, exemplified by the launch of StopRansomware.gov that same week. The attack occurred amid a surge in high-impact ransomware operations targeting critical infrastructure and major corporations in early 2021, including JBS Foods and Colonial Pipeline. Forensic efforts focused on determining the scope of data access and mitigating further exposure, though the firm did not disclose technical details about the ransomware variant, initial attack vector, or full operational disruption.
