Five Law Firms Breached; Hackers Want Ransom

At least five law firms have been breached by a hacking group known as Maze. The stolen information included such things as legal fee agreements and privacy consent forms as well as personal information about clients, who included veterans making disability claims. The hackers, who in previous attacks have demanded ransoms of a million dollars or more, operate by releasing small amounts of the stolen information as “proofs” in order to increases the pressure on victims to pay up. A threat analyst from cybersecurity company Emisoft provided a screen shot of some of the publicly released information, which included a Veterans Administration document that was a point by point rejection of a veteran’s disability claim. (No name or identifying information was included in the screen shot, but it does include such details as “The VA examiner opined your depression is due to your antisocial personality disorder and alcohol.”) According to the Emisoft analyst, hacker groups tend to attack smaller firms with less secure computer systems.