Cyber attack on California law firm compromised the data of 315,000 individuals

Long Beach, California-based business law firm Keesal, Young & Logan said it experienced a data security incident that compromised the sensitive personal information of more than 315,000 individuals.

 

Founded in 1970, Keesal, Young & Logan provides legal services to both large and small-scale companies. The firm’s offices are based in Long Beach, San Francisco, Seattle, Anchorage, and Hong Kong.

 

In a data security incident notice filed with the Office of Maine Attorney General, the law firm said that on June 13, it identified suspicious activity in its internal network and immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“Through the investigation, KYL determined that there was unauthorised access to its network between June 7 and June 13, 2024. While on the network, the unauthorised actor acquired certain information stored therein,” reads the notice.

 

The compromised data included names, Social Security numbers, driver’s license numbers, financial account numbers, and individual taxpayer identification numbers. The law firm’s filing with the attorney general’s office revealed that it identified at least 316,350 individuals who were impacted by the incident.

 

“Upon discovering the incident, we took immediate steps to secure the network and strengthen our security posture moving forward. Further, KYL notified federal law enforcement of the event,” the firm added.

 

The California-based law firm has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through IDX to all affected individuals.

 

At the time of publishing no known hacker group has claimed responsibility for the cyber attack on KYL. The firm also did not share details on how the threat actors infiltrated its systems or whether they demanded a ransom.