In 2021, the LockBit ransomware group breached the servers of New York-based law firm HPMB and stole sensitive information from one of its healthcare-related clients. Security analysis revealed that cybercriminals from the China-funded Hafnium group gained access to the firm’s servers through a vulnerability in Microsoft Exchange Server. This vulnerability was fixed by Microsoft in 2021, so the company was not at fault.
In response to a class action lawsuit, HPMB agreed to pay $200,000 to settle the data breach suit. Furthermore, the firm agreed to enhance its cybersecurity measures and appoint a third-party forensic expert to report on its current cybersecurity posture and on the measures it will adopt in the future. Additionally, the firm paid the LockBit ransomware gang $100,000 to continue its business operations.
Finally, Attorney General Letitia James gave the law firm seven days to review its decision and submit a report on how it will protect its user data in the future. This breach serves as a reminder of how important it is for companies to take proactive steps to secure user data and for individuals to remain vigilant about the security of their personal information.
In summary, the LockBit ransomware group breached the servers of New York-based law firm HPMB in 2021, gaining access through a vulnerability in Microsoft Exchange Server. In response to the data breach lawsuit, the law firm agreed to pay $200,000 to settle the suit, enhance its cybersecurity measures, and pay the LockBit ransomware gang $100,000. Attorney General Letitia James gave the firm seven days to review its decision and submit a report on how it will protect its user data in the future. This case highlights the need for companies to take proactive steps to secure user data and for individuals to remain vigilant about their personal information.