Industry - Data Breach
Executive Summary
Jones Day, a top-ranked U.S. law firm, confirmed a data breach affecting 10 clients after the Silent Ransom Group gained access through a phishing attack and posted stolen files to the dark web on March 30. The hackers demanded $13 million and threatened to publish all data, contact employees and clients, and resume attacks if the firm did not respond by their deadline. All affected clients have been notified of the breach, which targeted a senior member of the firm's Federal Circuit legal team.
What Happened
Jones Day, a leading U.S. law firm, suffered a data breach after the Silent Ransom Group gained access to limited files for 10 clients through a phishing attack targeting a senior member of the firm's Federal Circuit legal team. The hackers posted stolen data to the dark web on March 30, 2026, and demanded $13 million in ransom. According to leaked negotiation screenshots, the threat actors warned they would publish all data, contact employees and clients, and resume attacks if the firm did not respond by their March 28 deadline.
Who Is Affected
Ten clients of Jones Day are directly affected by the exposure of their confidential legal files. The breach specifically targeted materials related to Greg Castanias, who leads the firm's Federal Circuit appellate practice. All affected clients have been notified of the incident by the firm.
Why It Matters
This incident highlights the ongoing targeting of law firms by ransomware groups, who seek highly sensitive legal data that can be leveraged for extortion. The FBI has warned since 2023 that Silent Ransom Group specifically targets law firms due to the confidential nature of attorney-client communications and case materials. This is Jones Day's second confirmed data breach, following a previous incident involving the Accellion file transfer vulnerability, demonstrating that even sophisticated organizations remain vulnerable to phishing attacks and repeat compromises.
What You Should Do
If you are a client of Jones Day, contact the firm directly to confirm whether your data was affected and request specific details about what information may have been exposed. Monitor your accounts and communications for suspicious activity, as threat actors may attempt to use leaked information for targeted phishing or social engineering attacks. If you work with any law firm, verify that they have robust email security training and phishing defenses in place, and consider asking about their incident response procedures and cyber insurance coverage.
AI-Assisted
Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.