Accellion Data Breach Update: Top Boston Law Firm Affected

February 3, 2021

A few days ago we covered the Christmas Day Accellion breach that affected the Office of the Washington State Auditor (SAO). Accellion, a Palo Alto-based company, developed the File Transfer Appliance (FTA) for transmitting large files and to overcome limits for substantial email attachments. Hackers have targeted this service and obtained unauthorized access to the firm's data. 

Yesterday, Goodwin Procter, a top Boston law firm with several Big Law clients acknowledged that they were also affected by the incident. Their memo states that a “small percentage of our clients may have experienced unauthorized access to or acquisition of confidential information.”

Bloomberg has obtained a memorandum released by the law firm confirming that their software vendor notified them on January 22, 2021 that the file transfer service was targeted. They said that they stopped the services instantly upon knowing the incident. And added that those who were affected within their firm were immediately informed about the situation.

As we’ve covered before here, here, and here, the most sophisticated threat actors are always looking at the legal industry in general and law firms in particular, given the amount and value of sensitive data they transmit, process, and store. Third-party service providers these law firms often use are increasingly being targeted for backdoor access into even the most secure systems. Read about how Firefly, one of the world’s leading cybersecurity firms, was hacked through one of their vendors here.

According to Accellion’s Chief Information Security Officer, “Our latest release of FTA has addressed all known vulnerabilities at this time,”. They also announced that they have been working with a top cybersecurity forensics firm to conduct a compromise assessment.

Manage your vendor effectively and transform manual vendor risk management processes with Counself Risk. Our secure cloud platform is under the scope of ISO/IEC 27001 certification, achieved by InfiniGlobe LLC. If you want to learn more about Counself, go here or reach out to us here.

News; Supply Chain; Data Breach

What Else Are You Interested In?

We love research and would be happy to share our finding with you