Entertainment and media law firm Grubman Shire Meiselas & Sacks said that its internal data systems were hacked and information on its clients was stolen, which puts a large number of A-list celebrities at risk.
“We can confirm that we’ve been victimized by a cyberattack,” the New York-based law firm said in a statement to Variety. “We have notified our clients and our staff. We have hired the world’s experts who specialize in this area, and we are working around the clock to address these matters.”
The news come almost a week after a hacker group claimed to have stolen 756 gigabytes of documents from the law firm on many entertainment figures and musicians.
The documents included contracts, personal e-mails, nondisclosure agreements, phone numbers and private correspondence related to clients, which includes celebrities like Madonna, Lady Gaga, Nicki Minaj, Bruce Springsteen, Mary J. Blige, Ella Mai, Christina Aguilera, Drake, Mariah Carey, Lebron James, Priyanka Chopra, Idina Menzel and The Weeknd, the hackers claimed.
The hackers reportedly are said to be demanding $21 million or they are threatening to make public “personal details” of multiple clients represented by Gruban Shire Meiselas & Sacks, including Elton John, Lady Gaga and Barbra Streisand.
According to cybersecurity firm Emsisoft, the hacker group released an excerpt from a contract for Madonna’s 2019-20 “Madame X” tour with Live Nation to prove the hack was real.
The hack was carried out by a group called “REvil,” also known as “Sodinokibi,” according to Emsisoft.
“Companies in this position have no good options available to them,” Brett Callow, threat analyst at Emsisoft told BBC. “Non-payment of the demand will result in the information being published; payment will simply get them a pinky promise from criminals that the stolen data will be deleted.”
“These incidents are becoming increasingly commonplace and increasingly concerning. And incidents involving law firms are even more concerning due to the sensitivity of the data they hold.”
The group previously attacked foreign exchange company Travelex with ransomware in January.