A top American legal firm with clients such as the Department of Defense (DoD) and the Securities and Exchange Commission (SEC) is currently investigating a suspected cyberattack that resulted in the theft of terabytes of sensitive data.
Casepoint issued a statement from company CTO and co-founder Vishal Rajpara, in which he refused to confirm, but did not appear to dispute, reports that the ALPHV ransomware gang was behind the attack.
At the same time, the threat actor posted a list of all the stolen data on its leak site, thus claiming responsibility for the attack. The group, which has ties to the Russian government, allegedly took two terabytes of data from Casepoint, including data belonging to the U.S. government.
Despite the attack, the company is “fully operational”, the CTO further stated, adding that there had been no disruptions to the service. “We are early on in our investigation and are committed to keeping our clients informed as we learn more,” Rajpara said.
Rajpara also confirmed that the company had activated its incident response protocols and brought in an external forensic expert to help with the investigation.
ALPHV is a ransomware gang, but Rajpara did not discuss potential ransom demands or whether the company decided to pay them.
Casepoint, which describes itself as a company offering “legal eDiscovery & compliance software solutions”, works with a number of high-profile organizations in both the private and public sectors. Some of its clients in the private sector include Marriott and Mayo Clinic, while those in the public sector include the Securities and Exchange Commission (SEC), the U.S. Department of Defense (DoD), and U.S. Courts.
The company also seems to have worked with a Georgia-based hospital as some of its data, including a legal document and a government-issued ID, were given to TechCrunch as a sample.