A law firm representing high-profile musicians such as Lady Gaga, Madonna, Nicki Minaj, and Bruce Springsteen and more confirmed to Rolling Stone on Tuesday that its internal data systems were subject to a cyberattack that could potentially expose their client’s sensitive data.
The confirmation comes days after Variety reported that a hacker group known as “REvil” or “Sodinokibi” claimed to have stolen 756 gigabytes of sensitive documents from the New York law firm’s server.
“We can confirm that we’ve been victimized by a cyberattack,” a spokesperson for Grubman Shire Meiselas & Sacks told the magazine in a statement. “We have notified our clients and our staff. We have hired the world’s experts who specialize in this area, and we are working around the clock to address these matters.”
The company specializes in representing famous individuals within the media and entertainment industry. Its website, which is currently displaying just its logo, has previously boasted of representing musicians including Sir Elton John, Barbra Streisand, Barry Manilow, Rod Stewart, Lady Gaga, Lil Nas X, The Weeknd, Madonna, U2 and Drake.
Other clients of the firm include Nicki Minaj, Mary J. Blige, Mariah Carey, Bette Midler, Christina Aguilera, Idina Menzel, Run DMC, Cam Newton, Jessica Simpson, Priyanka Chopra, and Ella Mai.
The stolen data reportedly includes sensitive information such as phone numbers, email addresses, and correspondence, contracts, and nondisclosure agreements. Having obtained the data, hackers typically extort the relevant company in exchange for large payments. So far, the hackers have only released minimal data as a warning of their further intentions according to Emsisoft threat analyst Brett Callow.
According to an Emsisoft study published last year entitled “The State of Ransomware in the U.S.,” close to 1,000 healthcare providers, government agencies, and educational institutions were victims of ransomware attacks nationwide, costing them an estimated $7.5 billion.