Breach linked to known group
Jones Day has become the latest high-profile law firm to fall victim to a cyber attack, after hackers accessed files linked to a number of client matters.
The US firm — which represented Donald Trump in both his 2016 and 2020 presidential campaigns and has placed several of its lawyers into senior White House and Justice Department roles — confirmed it had experienced a “phishing incident” in which “unauthorised third party accessed a limited number of dated files for 10 clients.”
All affected clients have been notified, though the firm declined to name either them or the specific files involved.
The attack has been linked to the Silent Ransom Group, which has claimed responsibility for the breach. Reuters reports that the group published a file directory and screenshots of purported negotiations with Jones Day representatives, and is said to have specifically targeted Greg Castanias, a senior Washington-based partner who leads the firm’s Federal Circuit practice.
Jones Day has found itself in the crosshairs before, and in 2021 the firm was among several major companies caught up in a hack of file transfer software linked to a separate ransomware group.
Jones Day is one of a number of major law firms to have been targeted in recent years. Allen & Overy was hit by an attack linked to the LockBit ransomware group in 2023, before its merger with Shearman & Sterling, though the firm was later quietly removed from the group’s website without explanation.