After suffering a ransomware incident in February 2021, US law firm Campbell Conroy & O’Neil, P.C., which works with numerous Fortune 500 companies, have announced they’ve been affected by a data breach. After the discovery of a system disturbance and third party investigation, it was revealed that the entity behind the attack was able to access “certain individuals’ names, dates of birth, driver’s license numbers / state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data, and/or online account credentials (i.e. usernames and passwords).” Due to the high-profile nature of the clients that they deal with, the law firm could be viewed as a lucrative target for threat actors. It’s not known at this time which group is behind the attack and if the information that was accessed was sold or misused. The type of information that was accessed by the attackers is highly sought-after in criminal marketplaces and can be used for identity theft fraud. As a preventative measure, the law firm will be offering free identity monitoring for two years.