Law firm Wolf Haldenstein Adler Freeman & Herz yesterday confirmed it notified 3,445,537 people of a December 2023 data breach that compromised Social Security numbers, employee ID numbers, medical diagnoses, and medical claim information.
Ransomware gang Black Basta claimed responsibility for the breach shortly after it occurred. At the time, it gave Wolf Hadenstein just over a week to pay an undisclosed sum in ransom, or else Black Basta would sell the stolen data to a third party.
Wolf Haldenstein has not verified Black Basta’s claim. We do not know whether the firm paid a ransom, how much Black Basta demanded, or how attackers breached the firm’ network. Comparitech contacted the firm for comment and will update this article if it replies.
In May 2024, Wolf Haldenstein sent data breach notices (PDF) to just 211 people (PDF). It stated, “Although we realized on December 13, 2023, that a cybersecurity incident took place, we were not able to determine the extent of the impacted data until the review of the potentially impacted data concluded on April 18, 2024.”
That notice stated only names, ID numbers, and addresses were breached. An updated disclosure posted by the Maine attorney general yesterday raised the number of victims to more than 3.4 million and added Social Security numbers and medical info to the list of compromised data.
“On December 3, 2024, Wolf Haldenstein identified a subset of potentially affected persons but Wolf Haldenstein was unable to locate address information to provide direct notice to the subset of potentially impacted individuals,” the updated notice states.
The law firm is offering eligible victims 12 months of free credit monitoring via TransUnion. The enrollment deadline is 90 days from receipt of the notice letter.
Who is Black Basta?
Black Basta, not to be confused with Blackcat or BlackSuit, is a ransomware gang that first surfaced in early 2022. It operates a ransomware-as-a-service business wherein third-party clients can pay Black Basta to use its ransomware and infrastructure to launch attacks and collect ransoms. Black Basta often extorts victims for a key to restore infected systems, and for not selling or publicly releasing stolen data.
Black Basta has claimed 158 confirmed ransomware attacks since it began, compromising about 11.6 million records. This attack on Wolf Haldenstein is the second largest, surpassed only by an attack on Ascension that compromised 5.6 million.
Black Basta also recently claimed attacks on BT Group (UK), Beko Technologies (Germany), Avril Supermarché Santé (Canada), and Bnext.nl (Netherlands).
In 2024, the group claimed another 138 unconfirmed attacks that haven’t been acknowledged by the targeted organizations.
Ransomware attacks on US law firms
Ransomware attacks on law firms can both steal data and lock down computer systems. Law firms must then pay a ransom to restore their systems and for the attackers not to sell or publicly release the stolen data. If the firm doesn’t pay the ransom, then it could lose data, spend months restoring systems, and put clients at increased risk of fraud.
From 2023 to 2024, the number of ransomware attacks on US law firms dropped from 41 to 12, according to our data. Black Basta’s attack on Wolf Haldenstein was the largest on any law firm in 2023 by far. The average ransom across both years is $428,000.
In other recent such attacks, Rob Levine Law disclosed an August 2024 breach by Akira ransomware that compromised 1,738 records. Kotz Sangster Wysocki was hit by LeakedData in a December 2024 attack.
About Wolf Haldenstein
Wolf Haldenstein Adler Freemand & Herz LLP is a litigation firm with five practice areas: securities, antitrust, entertainment, copyright and intellectual property, commercial and business, and consumer. The firm has recovered billions of dollars for legal violations. It has offices in New York, Sand Diego, Chicago, and Nashville. It has worked on high-profile cases involving Apple, Dave, Roblox, and even several companies that suffered data breaches of their own like Access Sports Medicine & Orthopedics.
Source link