Noteboom

Noteboom is a law firm headquartered in Texas, United States, delivering legal services with a focus on handling highly sensitive client information. The firm's documented work involves managing non-disclosure agreements, active case documents, medical records, and employee data, indicating a practice that serves corporate entities, individuals in litigation, and matters involving healthcare-related information. This portfolio suggests specialization in areas such as corporate law, civil litigation, and potentially healthcare or personal injury law, where confidentiality is paramount. While the firm's exact size, revenue, or geographic client reach are not specified, its engagement with substantial volumes of protected data implies a significant operational scale within the legal sector. The nature of the information processed positions Noteboom within a high-risk environment for data breaches due to the intrinsic value of legal documents and personal records. No details regarding ownership structure, parent companies, or subsidiary relationships are provided in the available information.

In March 2023, Noteboom suffered a confirmed ransomware attack by the BlackCat group, which successfully infiltrated its network for about one week. The attackers exfiltrated over 400 gigabytes of data encompassing non-disclosure agreements, active case files, medical records, and employee information before encrypting the firm's servers. This incident provides direct evidence of the firm's extensive data holdings and its vulnerability to sophisticated cyber threats. The firm's administrative defensive efforts were noted as unsuccessful by the attackers, and multiple ransom demands totaling $1.75 million were issued without acknowledgment from Noteboom. Following the expiration of a 24-hour payment deadline, BlackCat listed Noteboom on its public leak site but withheld the immediate release of the stolen data, granting a two-week extension. Throughout the entire event, no communication or negotiation occurred between the law firm and the ransomware group, leaving the final disposition of the exfiltrated information unresolved in the public record. The breach underscores the critical cybersecurity risks inherent to legal practices that retain large quantities of confidential client and case-related data.