Accellion’s 20-year-old FTA (Files Transfer Appliance) file-transfer platform was “the target of a sophisticated cyberattack,” according to a statement issued by the company on February 1.
The Wall Street Journal reports that a hacker known as Clop has leaked some documents online that they claim have been stolen from Jones Day. Among the documents are a cover letter for “confidential documents” and a memo addressed to a judge that has been labeled as a “confidential mediation brief.”
When contacted by the WSJ, Clop claimed to be in possession of more than 100 gigabytes of data belonging to Jones Day. The law firm, whose clients include Alphabet Inc.’s Google, JPMorgan Chase & Co., Walmart Inc., President Donald Trump, Procter & Gamble Co., and McDonald’s Corp., is the tenth largest in the country.
Clop claimed to have received no response from Jones Day after contacting them about handing over the files in exchange for a ransom.
In a statement released February 16, Jones Day said: “Jones Day’s network has not been breached. Nor has Jones Day been the subject of a ransomware attack.
“Jones Day has been informed that Accellion’s FTA file transfer platform, which is a platform that Jones Day—like many law firms, companies and organizations—used, was recently compromised and information taken.
“Jones Day continues to investigate the breach and has been, and will continue to be, in discussion with affected clients and appropriate authorities.”
Emsisoft’s Brett Callow said that if Clop was behind the data breach on Accellion, then the hacker could have access to data belonging to the vendor’s clients, which include the Reserve Bank of New Zealand, Washington State, and the Australian Securities and Investments Commission.
Commenting on the Accellion data breach, Lamar Bailey, senior director of security research at Tripwire, told Infosecurity Magazine: “The old saying a chain is only as strong as its weakest link also holds true for today’s extensive supply chains. If one of the products used by an organization is exploited, it opens up the organization to breaches as well.”