Kirkland & Ellis Details

    Organization Logo

    Kirkland & Ellis

    Chicago, Illinois3000 employees • Professional, Scientific, and Technical Services

    Industry

    Professional, Scientific, and Technical Services

    Security Incidents

    1

    Kirkland & Ellis LLP is an American multinational law firm headquartered in Chicago, Illinois. Founded in 1909, Kirkland & Ellis is the largest law firm in the world by revenue and the seventh-largest by number of attorneys, and was the first law firm in the world to reach US$4 billion in annual revenue.

    Security Incidents

    Kirkland & Ellis Breach of May 2023
    Severity Score
    Significant to High

    Type

    Unknown

    Summary

    The Clop ransomware gang exploited a zero-day vulnerability in the MOVEit Transfer software starting on May 27th, 2023, during the US Memorial Day holiday, resulting in breaches at hundreds of companies. Microsoft identified the attackers as 'Lace Tempest' (aka TA505 or FIN11), confirming the group's involvement. Clop has shifted from encryption-based ransomware to data-theft extortion, and during this incident, they claimed to have stolen data from many organizations, warning that compromised data would be published if ransoms were not paid. Despite assurances from Clop that data from governm...
    Show more

    Severity

    The recent MOVEit Transfer data-theft incident orchestrated by the Clop ransomware gang exploited a zero-day vulnerability to breach the servers of hundreds of companies, stealing data during the US Memorial Day holiday. This attack showcases a strategic and sophisticated approach, with the gang employing tactics like timing their efforts around holidays to exploit reduced staffing. Though Clop claims to have deleted data from sensitive entities such as governments and children's hospitals and has delayed extorting the victims, the widespread impact and potential for further exploitation eleva...
    Show more

    Impact

    The cyber incident involving the Clop ransomware gang was a significant data breach exploiting a zero-day vulnerability in the MOVEit Transfer software.

    Sensitive data from numerous companies was stolen, affecting organizations like Zellis and subsequently their clients such as British Airways and Aer Lingus.
    While the gang claims they have deleted data pertaining to governments, the military, and children's hospitals, customer data, particularly personal and employee information, was compromised in the attack. Although no financial or phone contact details were reported stolen for Aer Ling...
    Show more