Welcome to the Reuters.com BETA. Read our Editor's note on how we're helping professionals make smart decisions.
Skip to main content

Legal Industry

Emails from Jones Day vendor breach have Chicago officials playing defense

5 minute read

The law firm of Jones Day is seen in Washington, D.C., U.S., August 30, 2020. REUTERS/Andrew Kelly

  • Hackers claimed in February they stole files belonging to Jones Day
  • The firm was hired to review Chicago police policies following the release of a 2019 police raid video

(Reuters) - The data breach of a file-transfer service used by Jones Day is causing fresh headaches this week, both for the law firm and city officials in Chicago.

Transparency activists at Distributed Denial of Secrets and Lucy Parsons Labs over the past two weeks released hacked internal emails that were sent by current and former city of Chicago employees, including police officials.

The emails were among a massive trove of documents initially obtained by hackers in a breach or series of breaches of Accellion Inc, whose service for large file transfers is used by companies and law firms. Some of the documents, including client documents belonging to Jones Day such as the Chicago emails, were leaked online earlier this year.

Chicago Mayor Lori Lightfoot tapped Jones Day in December to review the city's police policies following the release of a video showing a woman being handcuffed while naked during a 2019 police raid.

Internal emails from the Accellion hack show that the Chicago Police Department started its own drone program using money and other assets it seized in criminal investigations, according to the Chicago Sun-Times.

They also show that Lightfoot had not acted on any recommendations to change the way it investigates fatal police shootings as it was required to do, the Sun-Times reported. A spokesperson for the city did not comment on the report.

"I think the big thing people should take away and why they’re newsworthy, they shine the light on interactions the public would never see," Freddy Martinez, the executive director of Lucy Parsons Labs and a member of DDoS' board, said of the released emails.

Hackers that go by the name CL0P claimed in February that they stole files belonging to Jones Day and posted at least some of the material on the dark web. Jones Day said its own network was secure, and instead blamed the breach on Accellion's FTA file-transfer platform.

Lightfoot said Monday that both Jones Day and the city had refused to bow to ransom threats for the emails.

"This entity that supposedly hacked these emails tried to get a ransom from Jones Day, which was not paid, and then from the city, which we obviously didn’t pay," Lightfoot told reporters at a press conference.

A spokeswoman for Chicago's Law Department said the city "will not respond to any media inquiries stemming from information obtained through illegal ransomware attack."

Martinez said that the city government emails released by Lucy Parsons Labs and DDoS represent just a fraction of the Jones Day emails that were available on the dark web.

The Law Department spokeswoman questioned the authenticity of the emails, but Carlos Ramirez-Rosa, an alderman for Chicago's 35th Ward, told NBC 5 Chicago that the hackers' copies of emails he sent to the mayor's office "are certainly authentic."

The Law Department spokeswoman also noted that internal city emails are subject to the Freedom of Information Act. But Martinez said FOIA doesn't cover deliberations like those captured in the emails.

RELATED COVERAGE

Jones Day is latest major law firm affected by vendor data breach

Chicago turns to Jones Day for citywide review over 2019 police raid video

Reporting by David Thomas

Our Standards: The Thomson Reuters Trust Principles.

More from Reuters