E-Discovery Company Casepoint Investigates Data Breach After Files Found On Dark Web

The e-discovery company Casepoint is investigating a data breach after a ransomware gang claimed to have over two terabytes of its data, including attorney files, visa details, information from the U.S. government, “and many other things that you have tried so hard to keep.”

The cybersecurity company FalconFeeds.io posted on Twitter that the Russia-linked ALPHV ransomware gang, also known as BlackCat, claimed Casepoint as a victim and posted files on the dark web as a sample of the compromised data.

ALPHV #ransomware group has added Case Point (https://t.co/ijWdezKZdF) to their victim list. The provided sample contains visa details, a report, a certificate, etc.#USA #DarkWeb #DeepWeb #CyberRisk pic.twitter.com/dK68LkD9tq

— FalconFeedsio (@FalconFeedsio) May 30, 2023

TechCrunch reports that Vishal Rajpara, Casepoint’s cofounder and chief technology officer, confirmed that the company had “activated our incident response protocols” on May 30 and “engaged an external forensic firm to help us investigate a ،ential incident.”

Casepoint’s clients include the U.S. Courts, the U.S. Securities and Exchange Commission, the U.S. Department of Defense, the Marriott ،tel chain, and the Mayo Clinic, according to TechCrunch and other reports.

Jamie Boote, ،ociate software security consultant at Synopsys Software Integrity Group, said a lot could be at risk if discovery do،ents are exposed.

“Discovery platforms—as in eDiscovery—،ld all sorts of confidential and attorney-client privilege do،ents that could be the subject of active litigation,” Boote said. “If these do،ents got out, they could provide unfair edges to opposing counsels that could tip ،ential millions of dollars in awarded judgments or settlements, or cause mistrials if criminal prosecutors used the platform for their discovery purposes.”

The TechCrunch report said it had seen samples of the exfiltrated data that included sensitive health information from a Georgia ،spital, a legal do،ent, a government-issued ID, and an internal do،ent allegedly issued by the FBI.

Casepoint says it was the first cloud e-discovery platform to achieve both FedRAMP and StateRAMP aut،rization and that it “continues to meet rigorous security requirements.”