Jones Day confirms data breach after hackers leak client files online

Jones Day, a major U.S.-based law firm, disclosed Monday that it experienced a data breach involving unauthorized access to client-related files after hackers published materials online.

The firm said the incident stemmed from a phishing attack in which an unauthorized third party accessed a limited number of older files associated with 10 clients. All affected clients have been notified, and the firm has not identified the individuals or specific documents involved.

The breach became public after a group calling itself the Silent Ransom Group posted the data on its website on March 30. The group claimed responsibility for the intrusion and indicated it had targeted Greg Castanias, a Jones Day partner who leads the firm’s team handling cases before the U.S. Court of Appeals for the Federal Circuit. Castanias did not comment on the claims.

Jones Day, which employs approximately 2,400 lawyers and is known for representing large corporations, has also played a prominent role in U.S. politics, including legal representation for Donald Trump during his 2016 and 2020 presidential campaigns.

The Federal Circuit, where Castanias frequently practices, handles a significant number of intellectual property disputes and cases involving major corporations, making related legal data particularly sensitive.

Cybersecurity officials have identified the Silent Ransom Group as an active threat actor targeting law firms since 2023, citing the high value of confidential legal data tied to corporate transactions and litigation.