Grubman Shire Meiselas & Sacks, the high-powered entertainment law firm that represents such mainstream artists as Bruce Springsteen, Lady Gaga, Madonna, Mary J. Blige, Christina Aguilera, Idina Menzel, and more, has fallen victim to a massive cyberattack.
According to a report by Variety, a total of 756 gigabytes worth of “contracts, nondisclosure agreements, phone numbers, email addresses, and personal correspondence was extracted in the law firm hack.” The cyberattack was confirmed to Variety via an image of the hackers’ post provided by Emsisoft, a “cybersecurity software and consulting company that specializes in ransomware,” the classification of cyberattacks in which hackers use the threat of releasing stolen data as leverage to extort ransom payments.
As Emsisoft told Variety, the hackers—a group known as “REvil” or “Sodinokibi”—published a selection of the stolen documents as a “warning shot” for the firm. Experts believe that the hackers plan to roll out more leaked documents if the firm does not pay a ransom. It is currently unknown how much the hacker group is demanding from the firm to stop future leaks.
“REvil” has previously succeeded in extorting money from large companies in this manner. According to an April report by The Wall Street Journal, Travelex, the U.K.-based currency exchange company, turned over “$2.3 million in bitcoin to hackers that had infected its network with viruses. One of the released documents was an excerpt from the contract from Madonna’s 2019–2020 Madame X tour.
Since the attack came to light late last week, Grubman Shire Meiselas & Sacks has begun notifying clients of the data breach. “Attacks on law firms are particularly concerning due [to] the sensitivity of the information they hold,” Emsisoft threat analyst Brett Callow said in a statement to Rolling Stone. “For example, previous incidents have resulted in details veterans’ PTSD claims and child neglect cases being published online. And all of this information was posted on the clear web where it could be easily accessed by anybody with an internet connection.” Since the hack, the Grubman Shire Meiselas & Sacks website has been effectively closed down. It now displays only the firm’s logo.
One can only imagine what kinds of sensitive documents may have been obtained in the law firm hack. The firm represents a large swath of actors and TV personalities, athletes, and media and entertainment companies along with a roster of musicians including (per Variety) AC/DC, Avicii, Barbra Streisand, Barry Manilow, Bebe Rexha, Bette Midler, Bruce Springsteen, the David Bowie Estate, Drake, Elton John, Fiona Apple, Future, Jessie Reyez, John Mellencamp, Lady Gaga, Lil Nas X, Lil Wayne, Lionel Richie, Lizzo, Madonna, Maroon 5, Nas, OK Go, Ricky Martin, Rod Stewart, Shania Twain, Sting, The Weeknd, Timbaland, Tony Bennett, U2, Usher and the Whitney Houston Estate.
This story is developing.