A cyber attack has hit popular legal technology firm CASEPOINT, used by a number of US courts, including the Securities Exchange Commission (SEC) and the Department of Defense (DOD). The attack, carried out by a group calling themselves ALPHV/Blackcat, resulted in the leaking of confidential data belonging to CASEPOINT.
The cybercriminals responsible for the attack claim to have stolen 2TB of confidential data from CASEPOINT, including information relating to the company itself, as well as lawyers and other confidential data. Screenshots of the stolen data have been published on a leakage website, including what appears to be a legal agreement and a government personality certificate.
CASEPOINT is a widely-used legal technology company, providing users with a cloud database for navigating and organizing legal documents. Customers include legal departments of corporations, law firms, and state institutions such as the SEC, the DOD, the National Administration of the US Credit Unions (NCUA), the Marriott hotel operator, the German industrial giant, the Mayo Clinic Academic Medical Center, and the BNSF Railway railway operator.
The cyber attack is a concerning development for CASEPOINT and its customers, as the confidential data stolen by ALPHV/Blackcat could potentially be used for illegal activities. The company has not yet responded publicly to the breach, but it is expected that they will take swift action to address the issue and improve their cybersecurity measures going forward.