Campbell & O’Neil, a US law firm, has disclosed a data breach that occurred during a ransomware attack in February 2021.
Campbell’s client list includes companies in various industries, such as aviation, energy, pharmaceutical, and hospitality. Some of the companies that have used its services include Exxon, Boeing, Home Depot, Time Warner, Pfizer, and many more.
“On February 27, 2021, Campbell became aware of unusual activity on its network,” the law firm revealed in a press release issued earlier today. “Campbell conducted an investigation and determined that the network was impacted by ransomware, which prevented access to certain files on the system.”
The company hired a third-party forensic firm to investigate the incident and notified the FBI.
Campbell issued a press release informing the public that the information related to individuals affected by the ransomware attack was accessed by the threat actors during the attack. Campbell could not determine what information the attackers obtained from specific clients, but said they did have access to various data types.
Campbell discovered that the attackers were able to obtain various personal information, such as names, dates of birth, driver’s license numbers/state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data, and/or online account credentials (i.e. usernames and passwords).”
Campbell will provide 24 months of free credit monitoring, identity theft restoration, and fraud consultation to individuals whose Social Security number or equivalent information was compromised.
The company didn’t reveal the name of the group behind the attack or if the attackers stole the accessed data.
After these attacks, ransomware operators often use the stolen data to extort money from victims. The victims’ information is slowly leaked online until the victim pays a ransom. In some cases, the criminals are also increasing the ransom amount until all the infected files are leaked.
Depending on how many Campbell’s clients’ were affected by the attack and what data was stolen from them, it could lead to more data breaches in the future.
The sudden growth of ransomware has reached unprecedented levels recently. Attacks on US businesses and critical infrastructure, like those that have hit the country’s biggest meat producer and a major pipeline have raised big concerns. More recently, REvil gang breached software provider Kaseya and compromised systems of roughly 1,500 businesses worldwide.