The e-discovery company Casepoint is investigating a data breach after a ransomware gang claimed to have over two terabytes of its data, including attorney files, visa details, information from the U.S. government, “and many other things that you have tried so hard to keep.”
The cybersecurity company FalconFeeds.io posted on Twitter that the Russia-linked ALPHV ransomware gang, also known as BlackCat, claimed Casepoint as a victim and posted files on the dark web as a sample of the compromised data.
ALPHV #ransomware group has added Case Point (https://t.co/ijWdezKZdF) to their victim list. The provided sample contains visa details, a report, a certificate, etc.#USA #DarkWeb #DeepWeb #CyberRisk pic.twitter.com/dK68LkD9tq
— FalconFeedsio (@FalconFeedsio) May 30, 2023
TechCrunch reports that Vishal Rajpara, Casepoint’s cofounder and chief technology officer, confirmed that the company had “activated our incident response protocols” on May 30 and “engaged an external forensic firm to help us investigate a potential incident.”
Casepoint’s clients include the U.S. Courts, the U.S. Securities and Exchange Commission, the U.S. Department of Defense, the Marriott hotel chain, and the Mayo Clinic, according to TechCrunch and other reports.
“Discovery platforms—as in eDiscovery—hold all sorts of confidential and attorney-client privilege documents that could be the subject of active litigation,” Boote said. “If these documents got out, they could provide unfair edges to opposing counsels that could tip potential millions of dollars in awarded judgments or settlements, or cause mistrials if criminal prosecutors used the platform for their discovery purposes.”
The TechCrunch report said it had seen samples of the exfiltrated data that included sensitive health information from a Georgia hospital, a legal document, a government-issued ID, and an internal document allegedly issued by the FBI.
Casepoint says it was the first cloud e-discovery platform to achieve both FedRAMP and StateRAMP authorization and that it “continues to meet rigorous security requirements.”