
Jones Day disputes claimed breach; points to hacked vendor; hacker points back to them

Although Jones Day failed to respond to multiple inquiries sent to it by this site about a ransomware attack claimed by CLOP threat actors, the giant law firm apparently responded to inquiries by the Wall Street Journal. Their statement, however, omits important information and has been disputed by the threat actors. WSJ reports, in part:

Jones Day, in a statement, disputed that its network has been breached. The statement said that a file-sharing company that it has used was recently compromised and had information taken. Jones Day said it continues to investigate the breach and will continue to be in discussion with affected clients and appropriate authorities.

In their statement to WSJ, Jones Day identified the company as Accellion. Jones Day has since given the same or similar statement to American Lawyer.

Regular readers of DataBreaches.net have seen a number of reports about a recent Accellion breach. Accellion provides file transfer software to firms. It issued its first statement about a breach on January 12, later clarifying that they discovered the breach mid-December, issued a patch within 72 hours, and notified affected clients on December 23. In a subsequent update, they acknowledged finding other vulnerabilities that were also addressed. Some of Accellion’s affected clients (SingTel, Royal Bank of New Zealand, the law firm of Goodwin Procter, the State of Washington and University of Colorado) issued their own press releases, stating that they were notified later than what Accellion’s statement would suggest.

Jones Day never issued any press release about being impacted by the Accellion breach. And although there are logs in the CLOP data dump that do show automated attempts to connect to Accellion, CLOP denies that the data came from a hack of Accellion.

Accellion’s timeframe is important. In its updated press release, the firm admitted that after patching the vulnerability, they discovered others that needed patching, and that the attacks on them went on into January. They do not specify when in January. Were the attackers still exfiltrating files in mid-January? If not, then the data dump may not come from Accellion, as this site previously noted two files dumped by the threat actors dated January 14 and January 15, 2021. Although DataBreaches.net presented redacted versions, this site verified that these documents refer to verifiable litigation, including the judge’s name, case captions, and docket number with reference to one item.

So when did Accellion secure everything and when was Jones Day notified, if they were notified at all?

Jones Day was asked to answer some questions by this site after the WSJ published their report. This time, DataBreaches.net asked Jones Day whether they had actually ever been notified by Accellion that they had been impacted by the vendor’s breach, and if so: (1) when, and (2) did they notify any clients? No reply has been received by publication time.

DataBreaches.net also reached out to CLOP to ask about Jones Day’s claims. In response, a spokesperson for CLOP responded:

we hacked their server where the Accellion was and took the data from there, we spammed all over the company and all over the contact sheet they repeatedly entered the chat and were silent

CLOP did not provide any screenshots to support that statement.

So was Jones Day the victim of a ransomware attack? CLOP has dumped more files over the past few days, so the law firm should be able to confirm whether the files came from the server CLOP has now described.

This post will be updated if a response from Jones Day is received.