US law firm Campbell Conroy & O’Neil has disclosed a data breach affecting its customers, including Fortune 500 companies. This data breach happened during a ransomware attack that hit Campbell earlier this year.
Campbell Conroy Disclosed Data Breach
According to a recent press release from Campbell Conroy & O’Neil, the law firm has suffered a cyberattack earlier this year. This security incident resulted in a breach of Campbell customers’ data.
Campbell Conroy & O’Neil is a US-based law firm with many Fortune 500 and Global 500 firms on its clientele. Hence, the subsequent breach also potentially exposes sensitive data about various firms from the aviation, automotive, energy, hospitality, insurance, pharmaceutical, retail, and transportation sectors. Some of the prominent names on Campbell’s customer base include Apple, Exxon, Home Depot, Boeing, British Airways, Allianz Insurance, Universal Health Services, Pfizer, and more.
As per the details shared on its website, the firm suffered a ransomware attack in February 2021. Upon detecting the incident that prevented its access to data, Campbell involved forensic investigators and law enforcement in determining the extent of damages.
It turned out that the attackers had also accessed the data belonging to the firm’s customers. As stated,
We cannot confirm if the unauthorized actor accessed or viewed any specific information relating to individuals. However, we determined that the information present in the system included certain individuals’ names, dates of birth, driver’s license numbers / state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data, and/or online account credentials (i.e. usernames and passwords). Please note that the information varies by individual and for many individuals, a limited number of data types were determined to be accessible.
What Should You Do?
Currently, Campbell hasn’t shared any details about the attack, any impact on its services, and the ransom demand. Also, it remains unclear whether or not they have paid the ransom to the attackers.
Besides, they haven’t disclosed the exact number of customers or individuals affected during this incident.
Nonetheless, they offer a complimentary 24-month credit monitoring to the affectees, whom they will inform separately.
Let us know your thoughts in the comments.