Grubman Shire Meiselas & Sacks, a large media and entertainment law firm, appears to have been the victim of a cyberattack that resulted in the theft of an enormous batch of private information on dozens of celebrities, according to a data security researcher.
The trove of data allegedly stolen from the New York-based firm by hackers — a total of 756 gigabytes — includes contracts, nondisclosure agreements, phone numbers and email addresses, and “personal correspondence,” according to an image of the hackers’ post provided to Variety by Emsisoft, a cybersecurity software and consulting company specializing in ransomware.
The documents purportedly include information about multiple music and entertainment figures, including: Lady Gaga, Madonna, Nicki Minaj, Bruce Springsteen, Mary J. Blige, Ella Mai, Christina Aguilera, Mariah Carey, Cam Newton, Bette Midler, Jessica Simpson, Priyanka Chopra, Idina Menzel, HBO’s “Last Week Tonight With John Oliver,” and Run DMC. Facebook also is on the hackers’ hit list.
Representatives for Grubman Shire Meiselas & Sacks did not respond to Variety‘s requests for comment Friday. As of Saturday morning, the firm’s website (gsmlaw.com) was effectively offline, displaying only its logo.
In the type of ransomware attack evidently carried out against the legal firm, cybercriminals use the threat of releasing the stolen data as leverage to extort payment.
Variety was unable to verify the authenticity of the allegedly stolen documents. According to Emsisoft, the hackers posted evidence of the data theft via a forum on the dark web, which lets users engage in secret transactions and hide their identities using encryption. It isn’t known how much the hacker group responsible for the attack may be demanding from the law firm in exchange for not releasing the material publicly and/or on the dark web.
One of the documents released by the hacker group was an excerpt from a contract for Madonna’s 2019-20 “Madame X” tour with Live Nation.
The info the hackers has released so far “is simply a warning shot,” Emsisoft threat analyst Brett Callow told Variety. “It’s the equivalent of a kidnapper sending a pinky finger.” The implicit threat is that if the firm doesn’t pay the cybercriminals, the group will publish whatever other data they managed to steal, probably in installments, he added.
The ransomware attack on Grubman Shire Meiselas & Sacks was perpetrated by a group called “REvil,” also known as “Sodinokibi,” which has previously targeted Travelex, Brooks International and other organizations, according to Callow. Travelex, the U.K.-based currency-exchange company, paid $2.3 million in bitcoin to hackers that had infected its network with viruses, the Wall Street Journal reported last month.
Clients of New York-based Grubman Shire Meiselas & Sacks span music artists, actors and TV personalities, sports stars, and media and entertainment companies.
On the music front, according to the firm’s previously published list of clients, those include: AC/DC, Avicii, Barbra Streisand, Barry Manilow, Bebe Rexha, Bette Midler, Bruce Springsteen, the David Bowie Estate, Drake, Elton John, Fiona Apple, Future, Jessie Reyez, John Mellencamp, Lady Gaga, Lil Nas X, Lil Wayne, Lionel Richie, Lizzo, Madonna, Maroon 5, Nas, OK Go, Ricky Martin, Rod Stewart, Shania Twain, Sting, The Weeknd, Timbaland, Tony Bennett, U2, Usher and the Whitney Houston Estate.
Other talent and execs repped by Grubman Shire Meiselas & Sacks include Andrew Lloyd Webber, Barbara Walters, Clive Davis, David Geffen, David Letterman, Diane Sawyer, Gayle King, Iman, Irving Azoff, Jimmy Iovine, Kate Upton, Maria Shriver, Mariska Hargitay, Martha Stewart, Meg Ryan, Mikhail Baryshnikov, Nancy Grace, Naomi Campbell, Priyanka Chopra, Richard Plepler, Robert De Niro, Shay Mitchell, Sofia Vergara, Spike Lee, and the Osbournes (Ozzy, Sharon and Kelly).
Athletes who are listed as clients include Cam Newton, Colin Kaepernick, Henrik Lundqvist, LeBron James, Mike Tyson, Scottie Pippen, Sean Avery, Sloane Stephens and Victor Cruz.
In addition, companies on the firm’s client roster include Activision, Azoff MSG Entertainment, Discovery, EMI Music Group, Facebook, Focus Features, HBO, iHeartMedia, Imax, IAC, Live Nation, Martha Stewart Living Omnimedia, MTV, NBA Entertainment, the Nederlander Organization, Playboy Enterprises, Samsung Electronics, Scott Rudin Prods., Sony Corp. and Sony/ATV Music Publishing, Spotify, Tribeca Film Festival, Universal Music Group and Vice Media Group.
According to a study by Emsisoft, in 2019 at least 966 healthcare providers, government agencies, and educational institutions in the U.S. were targeted by ransomware attacks at a potential cost of more than $7.5 billion. The company says that as the COVID-19 crisis worsened in the first quarter of 2020, the number of successful ransomware hacks dropped considerably, to 89 cases identified in the period.