The personal data of thousands of clients of three of the country’s biggest law firms may be compromised following a massive global data theft, according to reports.
Kirkland & Ellis, K&L Gates and Proskauer Rose were targeted, along with 50 other multinational corporations last month, according to the ransomware group Clop, which took responsibility for the hack.
The law firms were exposed as a result of a vulnerability in MOVEit software used to transfer files, according to reports. The hackers, who call themselves “Lance Tempest” are tied to Clop, which is also known as TA505. The software was affected during Memorial Day weekend, according to reports.
Attacks around holidays are a signature of the Clop group, reported Bleeping Computer, an information security and technology news site.
Cypfer, an internet ransomware negotiation team, said that the gang, believed to be tied to Russia, usually demands millions in extortion fees. Last month, the US State Department placed a $10 million bounty on the group’s leader, seeking information tying the group to a foreign government.
More than 16 million people may be affected by the breach, according to a tweet earlier this week by cybersecurity expert Brett Callow.
In addition to the law firms, the attacks hit universities, banks and insurance companies around the world, according to Callow.
Emails to the law firms’ New York offices were not returned Saturday.