A prominent media law firm, Grubman, Shire, Meiselas & Sacks, confirmed that its internal system had been hacked, as a trove of data on Hollywood moguls had been stolen, Variety reported.
“We can confirm that we’ve been victimised by a cyberattack,” the company said in a statement to Variety. “We have notified our clients and our staff. We have hired the world’s experts who specialise in this area, and we are working around the clock to address these matters.”
The company’s clients are among the world’s most prominent A-listers, who are now worried that their private data will soon surface on the net. According to the hacking group “REvil”, they now possess private info on such celebrities as Lady Gaga, Madonna, Nicki Minaj, Christina Aguilera, Mariah Carey, Jessica Simpson, Priyanka Chopra and many others, which includes their phone numbers, email addresses, private letters, contracts and nondisclosure agreements.
The group behind the attack has already released some evidence of the stolen documents through the dark web, according to the cybersecurity company Emsisoft, which included an excerpt from Madonna’s “Madame X” tour contract. The group says it has staggering 756 gigabytes of private celeb data.
Emsisoft believes that this is a type of ransomware attack, where hackers would try to extort payment from the law firm, while threatening to release the whole package of stolen data. Thus, the released info so far was simply “a warning shot”, the cyber threat analysts claim, but it is unclear so far how much will the hackers demand from Grubman, Shire, Meiselas & Sacks for not releasing the remaining secrets.
As of 13 May, the Grubman, Shire, Meiselas & Sacks website was still down and displaying just a logo.
