Data Breach Notices Fly from Jackson Lewis PC
Table of Contents
- By Steven
- Feb 17, 2023
More often than not, the breaches we cover are phishing scams, ransomware attacks, and system hacks. We’ve seen everything from ransomware-as-a-service to “you won a free vacation” phishing scams and back again. However, the least common thing we write about is hard drive theft. This type of breach occurs when someone literally breaks into an office and steals their hardware from their computers or takes a mobile device, laptop, or thumb drive full of information. While this may seem like a more difficult route than quietly hacking in from the back of a server or network, it is still incredibly effective.
How Did the Attack Occur?
The attack on Jackson Lewis PC occurred on January 7, 2022, when an unauthorized party broke into the law office and stole two hard drives containing clients’ personal information. It took a while for the investigation to cease, but around August 2022, the company and investigators found that personal information about certain cases and individuals was involved. In December 2022, Jackson Lewis PC alerted anyone associated with the seemingly-targeted cases. After that, the company filed a notice with the California Attorney General’s Office on January 10, 2022.
What Information Was Viewed or Stolen?
The breach included names and more, but the notice sent to the California Attorney General’s Office had all the personal information redacted. It is unclear how much PII (personally identifying information) was involved, but it may be severe, as law firms usually have access to sensitive information.
How Did Jackson Lewis PC Admit to the Breach?
Jackson Lewis admitted to the breach by filing the notice mentioned above with the California Attorney General’s Office. It read, “We took several steps to investigate the incident and mitigate harm, including efforts to locate the hard drives such as examining security camera footage and collaborating with building management to review access records. Please note, this incident did not involve any intrusion to the Jackson Lewis network and our network remains secure… While we have no evidence that any of the impacted information has been improperly used or disclosed, out of an abundance of caution, we want to make you aware of the incident.”
What Will Become of the Stolen Information?
The fate of the stolen information is dependent on what information was involved. If there was case-related evidence on the hard drives, it is unclear what would happen with the information. If there were social security numbers involved, it would likely be sold. The same will happen if there is any insurance or financial information involved.
What Should Affected Parties Do in the Aftermath of the Breach?
Breaches as uncertain as this are always dangerous. Luckily, any of the victims will have received a notice explaining exactly what information was involved. If financial or social security details are involved, it’s important to use credit and identity monitoring. It’s also important to make sure that you have dark web monitoring because it will alert you almost immediately if your information is found on the dark web.