Content firewall vendor Accellion has turned to Latham & Watkins for counsel in a series of class action lawsuits resulting from a data breach that affected a number of the company’s clients, including law firms Jones Day and Goodwin Procter.
The data breach at the Palo Alto-based company has impacted at least a dozen other companies, including US supermarket chain Kroger, Singaporean telephone company Singtel and the Reserve Bank of New Zealand.
Latham was announced as acting defense counsel last Thursday in at least five pending class action suits over the data breach, which saw hackers access data from Accellion’s legacy File Transfer Appliance software that specialises in large file transfers. The attack was initially discovered in December last year, with additional vulnerabilities reported in January.
Court documents show Michael Rubin, leader of the firm’s data privacy and security practice and global vice chair of Latham’s technology industry group, and Melanie Blunschi, co-chair of the firm’s retail and consumer products industry group, made appearances on behalf of Accellion in cases filed in the last month in the US District Court for the Northern District of California.
New York-based partner and former cybercrimes prosecutor Serrin Turner is also representing Accellion in at least three of the cases, according to Reuters.
Latham’s appointment is the latest development in the fallout from the cyberattack, as Accellion stares down a growing pile of class action cases against it for allegedly failing to adequately protect and notify its customers of the breach.
One of the most recent cases came from a Kroger pharmacy customer who filed a complaint in San Jose federal court accusing Accellion of negligence, claiming the company was aware its file transfer platform was not secure yet still offered to its clients.
A separate case filed in California federal court alleges Accellion “knew or should have known” the importance of safeguarding the sensitive files shared through its now discontinued 20-year-old FTA network, yet allowed an “unauthorised person” to access the information in the December data breach.
Accellion didn’t immediately respond to a request for comment on the allegations.
Cybersecurity forensics firm FireEye carried out an investigation on behalf of Accellion earlier this month, revealing two threat groups with ties to ransomware and financial crimes groups were responsible for the attack and subsequent extortion activity that landed Jones Day’s data files on the dark web.
“Since becoming aware of these attacks, our team has been working around the clock to develop and release patches that resolve each identified FTA vulnerability, and support our customers affected by this incident,” Accellion CEO Jonathan Yaron said in a written statement. He urged customers to switch to the company’s new flagship content firewall platform Kiteworks, which was not impacted by the attack.
The discovery of the Accellion data breach rounded out a turbulent year for law firms and security breaches. Two months prior to the Accellion incident, Chicago firm Seyfarth Shaw reportedly suffered a malware attack and New York-based Fragomen Del Rey Bernsen & Loewy confirmed it fell victim to a breach involving personal information of Google employees. Considering the pandemic forced law firms to shift their work online, it’s possible the uptick in cyberattacks stems from the increased availability of client data in the digital sphere with cybercriminals looking to get hold of sensitive client data.
A spokesperson at Latham declined to comment on the representation.