Grubman Shire Meiselas & Sacks, a big media and leisure legislation agency, seems to have been the sufferer of a cyberattack that resulted in the theft of an infinite batch of personal data on dozens of celebrities, in accordance to an information safety researcher.
The trove of information allegedly stolen from the New York-based agency by hackers — a complete of 756 gigabytes — consists of contracts, nondisclosure agreements, cellphone numbers and e mail addresses, and “private correspondence,” in accordance with a picture of the hackers’ put up offered to Variety by Emsisoft, a cybersecurity software program and consulting firm specializing in ransomware.
The paperwork purportedly embody details about a number of music and leisure figures, together with: Woman Gaga, Madonna, Nicki Minaj, Bruce Springsteen, Mary J. Blige, Ella Mai, Christina Aguilera, Mariah Carey, Cam Newton, Bette Midler, Jessica Simpson, Priyanka Chopra, Idina Menzel, HBO’s “Final Week Tonight With John Oliver,” and Run DMC. Fb is also on the hackers’ hit checklist.
Representatives for Grubman Shire Meiselas & Sacks didn’t reply to Variety‘s requests for remark Friday. As of Saturday morning, the agency’s web site (gsmlaw.com) was successfully offline, displaying solely its brand.
In the kind of ransomware assault evidently carried out towards the authorized agency, cybercriminals use the specter of releasing the stolen knowledge as leverage to extort cost.
Variety was unable to confirm the authenticity of the allegedly stolen paperwork. In keeping with Emsisoft, the hackers posted proof of the information theft by way of a discussion board on the darkish net, which lets customers interact in secret transactions and conceal their identities utilizing encryption. It isn’t identified how a lot the hacker group liable for the assault could also be demanding from the legislation agency in change for not releasing the fabric publicly and/or on the darkish net.
One of many paperwork launched by the hacker group was a replica of a contract for Madonna’s 2019-20 “Madame X” with Stay Nation.
The information the hackers have launched up to now “is just a warning shot,” Callow mentioned. “It’s the equal of a kidnapper sending a pinky finger.” The implicit menace is that if the agency doesn’t pay the cybercriminals, the group will publish no matter different knowledge they managed to steal, most likely in installments, he added.
The ransomware assault on Grubman Shire Meiselas & Sacks was perpetrated by a gaggle referred to as “REvil,” often known as “Sodinokibi,” which has beforehand focused Travelex, Brooks Worldwide and different organizations, Emsisoft menace analyst Brett Callow instructed Variety. Travelex, the U.Okay.-based currency-exchange firm, paid $2.three million in bitcoin to hackers that had contaminated its community with viruses, the Wall Avenue Journal reported final month.
Shoppers of New York-based Grubman Shire Meiselas & Sacks span music artists, actors and TV personalities, sports activities stars, and media and leisure firms.
On the music entrance, in accordance with the agency’s beforehand printed checklist of shoppers, these embody: AC/DC, Avicii, Barbra Streisand, Barry Manilow, Bebe Rexha, Bette Midler, Bruce Springsteen, the David Bowie Property, Drake, Elton John, Fiona Apple, Future, Jessie Reyez, John Mellencamp, Woman Gaga, Lil Nas X, Lil Wayne, Lionel Richie, Lizzo, Madonna, Maroon 5, Nas, OK Go, Ricky Martin, Rod Stewart, Shania Twain, Sting, The Weeknd, Timbaland, Tony Bennett, U2, Usher and the Whitney Houston Property.
Different expertise and execs repped by Grubman Shire Meiselas & Sacks embody Andrew Lloyd Webber, Barbara Walters, Clive Davis, David Geffen, David Letterman, Diane Sawyer, Gayle King, Iman, Irving Azoff, Jimmy Iovine, Kate Upton, Maria Shriver, Mariska Hargitay, Martha Stewart, Meg Ryan, Mikhail Baryshnikov, Nancy Grace, Naomi Campbell, Priyanka Chopra, Richard Plepler, Robert De Niro, Shay Mitchell, Sofia Vergara, Spike Lee, and the Osbournes (Ozzy, Sharon and Kelly).
Athletes who’re listed as shoppers embody Cam Newton, Colin Kaepernick, Henrik Lundqvist, LeBron James, Mike Tyson, Scottie Pippen, Sean Avery, Sloane Stephens and Victor Cruz.
As well as, firms on the agency’s shopper roster embody Activision, Azoff MSG Entertainment, Discovery, EMI Music Group, Fb, Focus Options, HBO, iHeartMedia, Imax, IAC, Stay Nation, Martha Stewart Dwelling Omnimedia, MTV, NBA Entertainment, the Nederlander Group, Playboy Enterprises, Samsung Electronics, Scott Rudin Prods., Sony Corp. and Sony/ATV Music Publishing, Spotify, Tribeca Movie Competition, Common Music Group and Vice Media Group.
In keeping with a examine by Emsisoft, in 2019 at the very least 966 healthcare suppliers, authorities companies, and academic establishments in the U.S. had been focused by ransomware assaults at a possible price of greater than $7.5 billion. The corporate says that because the COVID-19 disaster worsened in the primary quarter of 2020, the variety of profitable ransomware hacks dropped significantly, to 89 circumstances recognized in the interval.