Grubman Shire Meiselas & Sacks, a large media and entertainment law firm, appears to have been the victim of a cyberattack that resulted in the theft of an enormous batch of private information on dozens of celebrities, according to a data security researcher.

The trove of data allegedly stolen from the New York-based firm by hackers — a total of 756 gigabytes — includes contracts, nondisclosure agreements, phone numbers and email addresses, and “personal correspondence,” according to an image of the hackers’ post provided to Variety by Emsisoft, a cybersecurity software and consulting company specializing in ransomware.

The documents purportedly include information about multiple music and entertainment figures, including: Lady Gaga, Madonna, Nicki Minaj, Bruce Springsteen, Mary J. Blige, Ella Mai, Christina Aguilera, Mariah Carey, Cam Newton, Bette Midler, Jessica Simpson, Priyanka Chopra, Idina Menzel, HBO’s “Last Week Tonight With John Oliver,” and Run DMC. Facebook also is on the hackers’ hit list.

Representatives for Grubman Shire Meiselas & Sacks did not respond to Variety‘s requests for comment Friday. As of Saturday morning, the firm’s website (gsmlaw.com) was effectively offline, displaying only its logo.

In the type of ransomware attack evidently carried out against the legal firm, cybercriminals use the threat of releasing the stolen data as leverage to extort payment.

Variety was unable to verify the authenticity of the allegedly stolen documents. According to Emsisoft, the hackers posted evidence of the data theft via a forum on the dark web, which lets users engage in secret transactions and hide their identities using encryption. It isn’t known how much the hacker group responsible for the attack may be demanding from the law firm in exchange for not releasing the material publicly and/or on the dark web.

One of the documents released by the hacker group was an excerpt from a contract for Madonna’s 2019-20 “Madame X” with Live Nation.

The info the hackers has released so far “is simply a warning shot,” Emsisoft threat analyst Brett Callow told Variety. “It’s the equivalent of a kidnapper sending a pinky finger.” The implicit threat is that if the firm doesn’t pay the cybercriminals, the group will publish whatever other data they managed to steal, probably in installments, he added.

The ransomware attack on Grubman Shire Meiselas & Sacks was perpetrated by…

Read The Full Article

Leave a Reply

Check Also

Mandatory Privacy-Breach Reporting Coming to B.C. Public Sector

As of February 1, 2023, public bodies in British Columbia (B.C.) will be required to repor…