US Law Firm Suffers Large Scale Breach

Uploaded on 2024-03-19 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Law

Houser LLP a California-based law firm said that the ransomware attack it suffered in 2023 has compromised the sensitive personal information of more than 326,000 individuals.

Houser mainly caters to Fortune 500 companies. With more than ten offices across the country, the firm provides legal services to commercial businesses and financial institutions.

In a recent notice of data breach filed with the Office of the Maine Attorney, Houser said that in May last year, it discovered that malicious actors had encrypted certain files in its computer systems.

The firm immediately launched an investigation, with the assistance of third-party forensic specialists, to understand the nature and scope of the incident.

“The investigation determined that there was unauthorised access to the Houser network between May 7, 2023, and May 9, 2023, during which time certain files were copied and taken from the network.

However, in June 2023, the unauthorised actor informed Houser that they deleted copies of any stolen data and would not distribute any stolen files,” the firm has said.

The law firm worked with cyber security experts to understand whether the files accessed by the threat actors contained any sensitive personal information of individuals associated with the firm.
The investigation, concluded on January 18, revealed that the malicious actors were able to access personal information such as names and other personal identifiers, financial account numbers, credit and debit card numbers along with security codes, access codes, passwords and PINs.

The filing with the state regulator also revealed that the data security incident compromised the personal information of at least 326,386 individuals.

“Houser takes the confidentiality, privacy, and security of information in our care seriously. Upon discovery, we immediately commenced an investigation to confirm the nature and scope of the incident,” the firm said.

“We reported this incident to law enforcement. We also took steps to implement additional safeguards policies and procedures relating to data privacy, security and our network environment. These additional safeguards include, but are not limited to, deployment of RocketCyber, an endpoint detection and response tool.

“We also implemented multi-factor authentication for Outlook 365, NetExtender VPN tunnel and remote desktop connection.

“We also added ransomware detection software, implemented the use of phishing simulation software and conducted vulnerability assessment and penetration testing,” Houser added.

The company has urged all affected individuals to remain vigilant, review their credit reports and financial statements on a regular basis, and report suspicious transactions to relevant law enforcement authorities.

It is also offering one year of complimentary credit monitoring and identity theft restoration through IDX to all the individuals affected by the data breach. Also, it has set up a dedicated helpline where affected individuals can call and get their queries answered.

On May 10 2023, the notorious ALPHV/BlackCat ransomware group claimed responsibility for the cyber attack on Houser LLP and listed the company as a victim on its data leak site.

The group claimed to be in possession of 1.5TB of company data including internal company data, employees personal data, CVs, DLs, IDs, SSNs, financial reports, agreements, insurance, client documentation including DLs, IDs, SSNs, financial data, credit card information, loan data, agreements, complete network map including credentials for local and remote services, and more.

TEISS | Maine Attorney General | Reuters | The Record | Law 360

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.