Major international law firm Jones Day has confirmed that a cybercriminal group known as Silent breached its systems through a phishing attack, accessing files belonging to 10 clients. The group listed Jones Day on its extortion site, claiming credit for the attack. This marks the second known breach of the firm, which was also hit in 2021.
What Happened
Jones Day disclosed on April 7, 2026, that an unauthorized third party gained access to internal systems via a phishing incident. The firm described the compromised data as "a limited number of dated files" belonging to 10 clients. The Silent group, a prolific threat actor known for targeting U.S. law firms, posted Jones Day on its extortion website shortly after, a standard precursor to data leak threats and ransom demands. Spokesperson Dave Petrou confirmed all impacted clients have been notified.
What Was Taken
The firm has characterized the stolen data as "dated files" associated with 10 clients, though the specific nature and sensitivity of those files has not been disclosed. Given Jones Day's client roster, which includes Goldman Sachs, McDonald's, General Motors, and most recently JPMorgan Chase, the potential exposure of privileged legal communications, litigation strategy, or corporate deal documentation poses serious risk. The identities of the 10 affected clients have not been made public.
Why It Matters
Law firms are high-value targets precisely because they serve as centralized repositories of sensitive corporate, financial, and legal data across dozens or hundreds of clients. A single breach can expose privileged attorney-client communications, M&A strategy, regulatory filings, and litigation playbooks. The Silent group understands this and has built its operations around exploiting it. The FBI issued an alert in 2025 specifically warning that Silent targets American law firms, leveraging "the highly sensitive nature of legal industry data" for extortion. This incident validates that warning and underscores that even elite global firms remain vulnerable to commodity phishing attacks.
The Attack Technique
According to both the firm's disclosure and prior FBI reporting, the initial access vector was phishing. Silent is known to masquerade as legitimate businesses in its lure emails, tricking recipients into downloading malicious software. Once inside, the group exfiltrates data before listing victims on its extortion site to pressure payment. The playbook is well-documented: business email compromise, payload delivery via social engineering, lateral movement, data exfiltration, and double extortion.
Prior Targeting
This is not Jones Day's first breach. In 2021, the firm had data stolen in an attack linked to the Accellion file transfer appliance compromise, which affected numerous organizations globally. The recurrence of a breach at the same firm, five years later and via a different vector, raises questions about the effectiveness of post-incident security improvements and ongoing resilience against evolving threats.
What Organizations Should Do
- Implement phishing-resistant MFA. Hardware security keys or FIDO2-based authentication significantly reduce the effectiveness of credential phishing.
- Deploy advanced email filtering and sandboxing. Detect and quarantine impersonation attempts and malicious attachments before they reach inboxes.
- Conduct targeted phishing simulations. Tailor exercises to mimic Silent's known TTPs, including business impersonation lures, especially for legal and executive staff.
- Segment and encrypt sensitive client data. Limit blast radius by ensuring compromised credentials cannot provide broad access to client file repositories.
- Monitor for data exfiltration indicators. Unusual outbound data volumes, access to archived or dated files, and connections to known extortion infrastructure should trigger alerts.
- Review the 2025 FBI alert on Silent. Incorporate the group's known indicators of compromise and tactics into detection rules and incident response playbooks.
Sources: Jones Day Law Firm Says Hackers Accessed Some Clients' Data