The law firm, who represents Donald Trump, Grubman Shire Meiselas & Sacks, has been hacked. 756GB of data has been stolen and held for ransom.
Another day, another hack. This time, however, a group decided to have the balls to hack an organization that represents the president of the United States. The unknown hacking group hacked the law firm of Grubman Shire Meiselas & Sacks, a firm that represents celebrities like Donald Trump, Lady Gaga, Bruce Springsteen, and others.
Approximately 756GB of data was stolen from the law firm. The hackers then contacted the firm and demanded $21 million in exchange for the stolen data. Already, 2.4GB of stolen data was already released with the promise of more to come. The firm is still refusing to pay the ransom. From Rolling Stone:
“It seems that GRUBMANS doesn’t care about their clients or it was a mistake to hire a recovery company to help in the negotiations,” the hackers wrote. “As we promised, we [published] the first part of the data because the time is up.” A source close to the firm confirmed to Rolling Stone that the company has declined to pay any ransom.
The “first part” was a 2.4-gigabyte folder including legal work the law firm did for Lady Gaga: contracts sent to producers, collaborators, and members of her touring ensemble; promotional agreements; expense sheets; confidentiality agreement forms; performer agreements; reimbursement forms for the artist Jeff Koons; a handful of promotional photos; and reams of tedious paperwork one would expect to find in the database of an entertainment law firm. (A representative for Lady Gaga declined to comment.)
Soon after the hackers dropped the initial 2.4 gigabytes of information, they issued a “little press release” saying that their demands had not been met and that “the ransom is now $42 million.” They also claimed to be in possession of documents connected to President Trump.
“There’s an election race going on, and we found a ton of dirty laundry. Mr. Trump, if you want to stay president, poke a sharp stick at the guys, otherwise you may forget this ambition forever,” they wrote. “And to you voters, we can let you know that after such a publication, you certainly don’t want to see him as president. Well, let’s leave out the details. The deadline is one week.” A source close to the firm confirmed to Rolling Stone, however, that the law firm had no dealings with Trump.
“Our elections, our government, and our personal information are under escalating attacks by foreign cybercriminals. Law firms are not immune from this malicious activity,” a spokesperson for Grubman Shire Meiselas & Sacks told Rolling Stone in a statement. “Despite our substantial investment in state-of-the-art technology security, foreign cyberterrorists have hacked into our network and are demanding $42 million as ransom. We are working directly with federal law enforcement and continue to work around the clock with the world’s leading experts to address this situation.
For one, there is a credible threat against the US president we are talking about here. Regardless of political stripe, such a threat is, of course, going to be taken very seriously. So, you know a lot of resources are going to be poured into tracking these hackers down. There’s no debate or question that law enforcement is going to be highly motivated to go after these hackers. Additionally, the firm is already working with law enforcement on this. That is based off of the comments that were given. So, it’ll be interesting to see if, or how quickly, the hackers get tracked down and arrested.
May continues to be a highly active month for security incidences. It started early on with the Webkinz data breach which saw 23 million accounts compromised. That was followed up by the GoDaddy hack. The very next day, we reported on the Tokopedia data breach which saw 91 million accounts compromised. That breach sparked a lawsuit in Indonesia.
Following that was the next wave of security incidences. That started with the Unacademy data breach which saw 22 million accounts compromised. That was followed up by the Cam4 data leak which saw 10 billion records exposed. After that, we saw the ironic data breach marketplace site WeLeakData get hacked. Hacker information, as a result, was then sold on the dark web. This was followed up by the Mobifriends data breach which saw 4 million users compromised. Finally, just yesterday, we reported on the Chatbooks data breach. Once again, personal information was stolen and sold on the dark web.
It’s kind of hard to believe, but we reported all of that just this month. Once again, we are left with just waiting for the next security incident to hit at this point.
Drew Wilson on Twitter: @icecube85 and Facebook.
