Law firm Jones Day says hackers accessed client files

By David Thomas and AJ Vicens

April 6 (Reuters) - Jones Day, a leading U.S. law firm, said on Monday that it suffered a data breach after hackers posted client materials online.

Jones Day, which represented President Donald Trump in his 2016 and 2020 election campaigns, "experienced a cyber 'phishing' incident in which an unauthorized third party accessed a limited number of dated files for 10 clients," a firm spokesperson said in a statement.

The spokesperson said all of the affected clients have been notified. The spokesperson declined to identify the clients or files that were accessed.

A group called the Silent Ransom Group posted the data to their website on March 30, according to a timeline of events captured by eCrime.ch, a cybercrime research platform. The group, which claimed responsibility for the hack, could not immediately be reached for comment.

The hackers claimed to have targeted Greg Castanias, who leads the Jones Day team handling cases before the U.S. Court of Appeals for the Federal Circuit, according to a screenshot they posted of purported negotiations between them and two members of the firm's information security and technology staff.

Castanias declined to comment. A large part of the Federal Circuit's caseload involves intellectual property matters, and it frequently hears cases involving major companies.

The Silent Ransom Group has been targeting law firms since 2023 "likely due to the highly sensitive nature of legal industry data," the FBI said in a notice it circulated last year.

Jones Day, with 2,400 lawyers, was founded in Ohio and is known for defending large corporations. The firm represented Trump in his first two presidential campaigns as the Republican nominee, and several of its attorneys landed senior positions at the White House and Justice Department during Trump's first and second terms.

Jones Day said in 2021 that it was among companies affected by the hack of a file-transfer program by a group known as Clop. Law firms, which frequently possess confidential client data relating to corporate deals and litigation, have been increasingly targeted by hackers and other cybercriminals.

U.S. law firm Williams & Connolly disclosed in October that hackers had gained access to some of its computer systems. The firm said a small number of its attorney email accounts were accessed but that “there is no evidence that confidential client data was extracted from any other part of our I.T. system, including from databases where client files are stored."