Madonna and Lady Gaga Among Global Stars Targeted in Hackers’ Extortion Plot Against Law Firm

Cyberattackers seeking more than $2M from Travelex got inside Allen Grubman’s celebrity law firm. Confidential docs are now leaking online as the hackers turn the screws.

A-list stars of the entertainment world, including Madonna, Lady Gaga, and Bruce Springsteen, are among dozens of celebrities whose personal and business information is being held for ransom by hackers who infiltrated the computer networks of media and entertainment law firm Grubman Shire Meiselas & Sacks.

Industry sites such as Teiss said the hackers, calling themselves REvil, claimed on dark-web forums to have accessed 756GB of information on many clients, past and present, including Lady Gaga, Madonna, Nicki Minaj, Bruce Springsteen, Mary J. Blige, Christina Aguilera, Mariah Carey, Bette Midler, Jessica Simpson, Priyanka Chopra, Idina Menzel, and Run DMC.

The REvil group posted an excerpt from a contract for Madonna’s 2019-20 “Madame X” tour with Live Nation as proof that it was inside the law firm’s systems.

Page Six quotes a source as saying the firm “has sensitive details on everything—work contracts, confidential settlements, and endorsement deals for the biggest stars in New York and Hollywood.”

Other celebrity clients who could now be at risk include Jessica Simpson, Naomi Campbell, Sofia Vergara, Spike Lee, the Osbournes (Ozzy, Sharon and Kelly), along with major companies such as Discovery, HBO, EMI Music Group, Imax, MTV, NBA Entertainment, Playboy Enterprises, Samsung Electronics, Sony, Spotify, Tribeca Film Festival, Universal Music Group, and Vice Media Group.

Grubman Shire Meiselas & Sacks said in a statement: “We can confirm that we’ve been victimized by a cyberattack. We have notified our clients and our staff. We have hired the world’s experts who specialize in this area, and we are working around the clock to address these matters.”

The storied law firm was founded by Allen Grubman, father of the publicist Lizzie Grubman, who was famously jailed in 2001 after backing her SUV into a line of people waiting to gain entry to a Hamptons nightclub, injuring more than a dozen.

It is being widely reported that the hackers are seeking a ransom, using the threat of releasing the stolen data as leverage to extort payment.

REvil is thought to be the same group of hackers that successfully extorted Travelex, the U.K.-based currency-exchange company, out of a $2.3 million bitcoin ransom, as The Wall Street Journal reported. REvil boasted to the Bleeping Computer blog that it used “Sodinokibi” ransomware to successfully lock Travelex’s entire network.

It initially demanded $6 million (£4.6m) to return the encrypted files but, according to the Journal, finally settled for $2.3 million paid in bitcoin. The attack forced Travelex to shut down operations at 1,500 outlets around the world.

Bleeping Computer says that the hackers have also provided snippets from a legal agreement in 2013 signed by Christina Aguilera and an artist featured in one of her music projects. The blog has also published file lists showing the names of dozens of celebrities whose information may now be compromised.

Bleeping Computer says the group is “unlikely to make empty threats, as in the past they have sold data stolen from victims that did not pay the ransom.”

Commenting on the latest cyberattack targeting Grubman Shire Meiselas & Sacks, Ilia Kolochenko, founder & CEO of ImmuniWeb, told Teiss that law firms are desirable targets for hackers as it is often much easier and faster to breach a midsize office to get ultra-confidential data, compared to directly targeting their large clients, such as banks or celebrities.

“A considerable number of law firms have no incident detection and response capacities, often leaving them unable to detect an intrusion in a timely manner,” he said. “Law firms are a low hanging fruit for cybercriminals, enabling the latter to get their hands on crown jewels of major organizations without spending much effort.”