Major media and entertainment law firm Grubman Shire Meiselas & Sacks says it has informed its A-list clients that its internal data systems were hacked and a vast trove of information on its clients was stolen.
“We can confirm that we’ve been victimised by a cyberattack,” the New York-based firm said in a statement to Variety.
“We have notified our clients and our staff. We have hired the world’s experts who specialise in this area, and we are working around the clock to address these matters.”
News of the hack surfaced last week, after a hacker group claimed it infiltrated the Grubman Shire Meiselas & Sacks network and stole a whopping 756 gigabytes of documents on multiple music and entertainment figures.
Those include clients past and present, among them: Lady Gaga, Madonna, Nicki Minaj, Bruce Springsteen, Mary J. Blige, Ella Mai, Christina Aguilera, Mariah Carey, Cam Newton, Bette Midler, Jessica Simpson, Priyanka Chopra, Idina Menzel and Run DMC, the hackers claimed.
The data stolen by the hackers allegedly includes contracts, nondisclosure agreements, phone numbers and email addresses, and private correspondence, the group’s claims posted on a dark web forum, according to cybersecurity firm Emsisoft.
The group behind the attack didn’t release all the data they had supposedly purloined. To show the hack was real, they released an excerpt from a contract for Madonna’s 2019-20 “Madame X” tour with Live Nation.
It’s evidently a ransomware attack, in which cybercriminals use the threat of releasing the stolen data as leverage to extort payment. It is not known what demands the hackers have made in connection with the theft of Grubman Shire Meiselas & Sacks data.
The attack on the law firm – whose clients span music artists, actors and TV personalities, sports stars, and media and entertainment companies – was carried out by a group called “REvil,” also known as “Sodinokibi,” according to Emsisoft.
The group has previously targeted companies and organisations including Travelex, the UK-based currency-exchange company, which paid $US2.3 million in bitcoin to hackers after a ransomware attack, the Wall Street Journal reported.