LawSnap

Privacy

Jones Day Phishing Breach Exposes 10 Clients' Files to Silent Ransom Group

Published April 6, 2026

Source law360.com open_in_new

Score

7

Why it matters

Jones Day, a prominent U.S. law firm, confirmed on April 6, 2026, that hackers conducted a phishing attack, allowing an unauthorized party to access a limited number of dated files for 10 unnamed clients. The Silent Ransom Group (SRG) claimed responsibility, posting a file directory, screenshots of negotiations demanding $13 million, and leaked data on their dark web site starting March 30, 2026. The firm notified all affected clients and stated the breach was contained, with no indication of further attacks or data publication beyond the initial leak.[2][3][5]

Key individuals targeted include Greg Castanias, a senior Washington-based partner leading the firm's Federal Circuit practice, as SRG's threats referenced him and past Epstein files ties. Involved parties are Jones Day, SRG (a cybercrime group targeting law firms), and affected clients (undisclosed). No agencies or legislation are mentioned in reports.[2][4][5]

The incident follows Jones Day's 2021 breach via Clop ransomware exploiting Accellion file transfer software, amid a pattern of attacks on major law firms. Timeline: Attack likely March 20-28 (negotiation chats); data posted March 30; firm confirmed publicly April 6.[2][3][5]

Newsworthy due to Jones Day's high-profile clients (e.g., Trump campaigns, White House placements), SRG's law firm focus, escalating cyber risks to legal sector handling sensitive data, and failed $13M ransom talks leading to leaks—highlighting persistent vulnerabilities two days after confirmation.[1][2][4][5]

Sources

[1] https://www.law360.com/pulse/modern-lawyer/articles/2462112/files-of-10-jones-day-clients-breached-in-cyberattack

[2] https://www.legalcheek.com/2026/04/jones-day-confirms-cyber-attack-after-hackers-access-client-files/amp/

[3] https://www.investing.com/news/company-news/jones-day-shares-client-data-breach-affecting-10-firms--bloomberg-93CH-4599032

[4] https://www.nonbillable.co.uk/news/jones-day-cyber-attack-linked-to-group-targeting-law-firms

[5] https://databreaches.net/2026/04/06/jones-day-confirms-limited-breach-after-phishing-attack-by-silent-ransom-group/

[6] https://beinsure.com/news/jones-day-data-breach-exposed-files-tied-to-10-client-matters/

[7] https://www.law360.com/pulse/articles/2462112

[8] https://www.teiss.co.uk/cyber-threats/jones-day-confirms-data-breach-after-hackers-leak-client-files-online-17320

mail

Get notified about new Privacy developments

Primary sources. No fluff. Straight to your inbox.

Related

View all Privacy

See more entries tagged Privacy.