Campbell Data Breach Leads to Private Information Exposure
Law U.S. Company Campbell Conroy & O’Neil, P.C. Announced in a Press Release a Ransomware Attack that Targeted Its Clients in February 2021.
A new ransomware attack pointed to a U.S. law company. The Campbell data breach led to private information disclosure targeting the law firm Campbell Conroy & O’Neil, P.C. The enterprise is the one responsible to counsel Fortune 500 and Global 500 companies and has had a long list of clients along the way, from British Airways, Mercedes Benz, Apple to Johnson & Johnson, Pfizer, and Allianz Insurance.
What Info Did the Campbell Data Breach Expose?
The company first discovered the issue back on February 27 2021, they said in a recent press release. From then on, an investigation has started with the help of third-party analysts and the FBI. Through this investigation, the nature of the cyberattack was determined: it was about a ransomware attack.
What data has been leaked?
Even if the law firm has not confirmed yet who is behind the attack and if and what specific data of individuals was accessed or mischievously exploited by threat actors, following the evidence of a ransomware attack, the researchers announced that the targeted system contained:
- Names, birth data, and numbers of driver’s license of certain individuals;
- Info related to bank accounts;
- Social security numbers;
- Card payment info;
- Passport data;
- Medical info;
- Credentials (username and password).
Who Is Campbell Conroy & O’Neil, P.C.?
The Campbell data breach is related to Campbell Conroy & O’Neil, P.C.., which stands for a U.S. law company, whose services are based upon in-house legal counseling. They defend various companies, both national and regional level, from energy, insurance, automotive, and aviation industries to transportation, retail, hospitality, and pharmaceutical sectors.
What Is a Ransomware Attack?
Threat actors use ransomware, a type of malware, to encrypt data on a computer or network, so the user no longer has access to it. To have the data back, the victim needs to pay a ransom for the decryption key.
Ransomware is very popular. If not paid, the encrypted sensitive data will be leaked online and made public. Data can be leaked progressively until hackers achieve their goal.
As Bleeping Computer states:
Furthermore, in some cases, the ransomware gangs are also increasing the ransom bit-by-bit until all the stolen files are leaked on sites specifically designed for this purpose.
Measures to Mitigate the Campbell Data Breach
The affected law company came to the relief of its clients by taking some measures. They grant users 24 months free access to services that will help them overcome the effects of the Campbell data breach. All individuals whose Social Security numbers or equivalent information was exposed during the incident will receive credit monitoring, fraud consulting, and identity theft restoration services.
Campbell is committed to, and takes very seriously, its responsibility to protect all data entrusted to us. As part of our ongoing commitment to the privacy of personal information in our care, we are reviewing our existing policies and procedures, and are working to implement additional safeguards to further secure our information systems.
US Government Fights Ransomware
Ransomware attacks have posed a threat to many enterprises recently, even the biggest ones. In the light of recent events that proved the imminent threat of ransomware, for example, the attacks against JBS Foods (the biggest meat producer worldwide), Miami-based Kaseya and Colonial Pipeline (the largest fuel pipeline from the U.S.), and others, the U.S. Government decided to take severe measures against these kinds of cyberattacks, thus they launched StopRansomware.gov, a platform that represents support for public and private entities in the fight of ransomware.