Casepoint says it’s investigating a potential cybersecurity incident after hackers claimed to have compromised the legal technology platform to steal terabytes of sensitive data.
U.S.-based Casepoint offers a legal discovery platform for litigation, investigations and compliance that is used by government agencies, corporations and law firms. The organization boasts a number of high-profile clients, including the U.S. Courts, the Securities and Exchange Commission (SEC), the U.S. Department of Defense (DoD), hotel operator Marriott, and medical giant Mayo Clinic.
In a statement to TechCrunch, Casepoint co-founder and chief technology officer Vishal Rajpara confirmed the company had “activated our incident response protocols” on March 30 and “engaged an external forensic firm to help us investigate a potential incident”.
While Rajpara declined to confirm the nature of the incident, he didn’t dispute claims that Casepoint was targeted by the ALPHV ransomware gang, which this week claimed responsibility for attacking the organization by listing its stolen data on its dark web leak site. The Russia-linked gang, also known as BlackCat, claims to have stolen two terabytes of sensitive information from Casepoint, including data from the U.S. government, and “many other things you have tried so hard to keep,” the gang said.
Samples of the exfiltrated data, seen by TechCrunch, include sensitive health information from a Georgia-based hospital, a legal document, a government-issued ID, and an internal document allegedly issued by the FBI. The FBI did not respond to TechCrunch’s request for comment.
In an update published on March 31 — after Casepoint confirmed it was investigating the incident — ALPHV also shared what appears to be login details for the company’s internal systems.
Rajpara told TechCrunch that Casepoint remains “fully operational and have experienced no disruption to our services,” adding that “the third party forensic firm that we have engaged is currently running scans and deploying advanced endpoint detection monitoring tools and will be looking for signs of suspicious activity.”
“We are early on in our investigation and are committed to keeping our clients informed as we learn more,” Rajpara said.
Rajpara declined to say whether the company has the technical means to detect what data was accessed or exfiltrated or whether the company has received any communication, such as a ransom demand, from the ALPV ransomware group.
The ALPHV gang previously claimed to have targeted the Amazon-owned video surveillance company Ring, and NextGen Healthcare, a U.S.-based electronic health record software provider. ALPHV’s leak site was also used to host data stolen from Western Digital, though the hackers responsible claimed they were not affiliated with the gang.
Other ALPHV victims include Bandai Namco, Swissport and the Munster Technological University in Ireland.