Jones Day, one of the largest law firms in the United States, has confirmed that a cybercriminal group known as Silent breached its systems through a phishing attack, accessing files belonging to at least 10 clients. The firm was subsequently listed on Silent's extortion website. This marks the second known data breach at Jones Day in five years, following a 2021 incident.
What Happened
Jones Day disclosed on April 7, 2026 that an unauthorized third party gained access to internal systems after a successful phishing campaign. The Silent group claimed responsibility for the attack, posting Jones Day on its dedicated extortion site, a tactic consistent with double-extortion operations where stolen data is leveraged to pressure victims into payment. Spokesperson Dave Petrou confirmed the breach involved "a limited number of dated files" and stated that all impacted clients have been notified.
What Was Taken
The attackers accessed files belonging to 10 clients. The identities of those clients have not been disclosed, but Jones Day's client roster includes Goldman Sachs, McDonald's, General Motors, and JPMorgan Chase, the latter retained as recently as February 2026. The firm characterized the stolen files as "dated," suggesting they may not reflect current matters, but the sensitivity of legal data, including litigation strategy, financial records, privileged communications, and M&A details, makes even historical files highly valuable for extortion or competitive intelligence.
Why It Matters
Law firms are high-value targets because they serve as centralized repositories of sensitive data for dozens or hundreds of organizations simultaneously. A single breach at a firm like Jones Day can expose privileged information across the Fortune 500. The FBI issued an alert in 2025 specifically warning that Silent targets American law firms, exploiting what the Bureau described as "the highly sensitive nature of legal industry data." This incident validates that warning and demonstrates the group's continued operational tempo. For defenders in legal services and adjacent industries, this is a signal that Silent remains active and focused on this sector.
The Attack Technique
Silent gained initial access through a phishing attack. According to the FBI's 2025 alert, the group is known to masquerade as legitimate businesses in order to trick employees into downloading malicious software. This social engineering approach bypasses perimeter defenses by targeting the human layer directly. Once inside, the group exfiltrates data before listing victims on its extortion site, a standard double-extortion playbook. The specific malware or post-exploitation tooling used in this incident has not been publicly disclosed.
Prior Incidents
This is not Jones Day's first breach. Hackers stole data from the firm in 2021, an incident linked to the Accellion FTA zero-day exploitation campaign. The recurrence of a major breach at the same firm underscores persistent gaps in security posture, or the reality that elite law firms remain attractive enough targets to draw repeated attention from sophisticated threat actors.
What Organizations Should Do
- Harden email security. Deploy advanced phishing detection beyond standard spam filters. Implement DMARC, DKIM, and SPF. Evaluate AI-based email analysis tools that detect impersonation and social engineering patterns.
- Enforce phishing-resistant MFA. FIDO2/WebAuthn hardware keys should be mandatory for all staff with access to client data. SMS and app-based OTP are insufficient against targeted attacks.
- Segment and restrict access to client files. Apply least-privilege principles so that a single compromised account cannot traverse entire client repositories. Monitor for anomalous file access patterns.
- Conduct regular, realistic phishing simulations. Test staff with scenarios that mirror Silent's known tactics, including impersonation of legitimate business partners.
- Monitor extortion sites and dark web forums. Threat intelligence teams should track Silent's leak site for early indicators of compromise before the group makes demands public.
- Review incident response plans for double-extortion scenarios. Ensure legal counsel, communications, and client notification workflows are tested and current.
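The "monitor for anomalous file access patterns" recommendation above can be sketched as a sliding-window check over document-management audit logs. This is an added example, not tooling from Jones Day or the FBI alert; the event format, account names, client labels, paths and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit events: (ISO timestamp, account, client matter, file path).
SAMPLE_EVENTS = [
    ("2026-04-01T09:02:00", "asmith", "client-A", "/matters/A/brief_v3.docx"),
    ("2026-04-01T09:40:00", "asmith", "client-A", "/matters/A/exhibits.pdf"),
    ("2026-04-01T10:15:00", "asmith", "client-B", "/matters/B/memo.docx"),
    ("2026-04-01T23:01:00", "jdoe", "client-C", "/matters/C/2019/deal_terms.pdf"),
    ("2026-04-01T23:03:00", "jdoe", "client-D", "/matters/D/2018/ledger.xlsx"),
    ("2026-04-01T23:04:00", "jdoe", "client-E", "/matters/E/2020/strategy.docx"),
    ("2026-04-01T23:09:00", "jdoe", "client-F", "/matters/F/2017/privileged.msg"),
]
# Constructed staffing data: which client matters each account is assigned to.
ASSIGNMENTS = {"asmith": {"client-A", "client-B"}, "jdoe": {"client-C"}}


def flag_cross_client_access(events, assignments,
                             window=timedelta(minutes=30), max_unassigned=2):
    """Return one alert per account that touches files of more than
    `max_unassigned` distinct clients it is not staffed on within `window`."""
    recent = defaultdict(deque)  # account -> (time, client) pairs still in window
    alerted = set()
    alerts = []
    for ts, user, client, _path in sorted(events):  # ISO strings sort by time
        now = datetime.fromisoformat(ts)
        q = recent[user]
        q.append((now, client))
        while q and now - q[0][0] > window:  # drop events older than the window
            q.popleft()
        unassigned = {c for _, c in q} - assignments.get(user, set())
        if len(unassigned) > max_unassigned and user not in alerted:
            alerted.add(user)
            alerts.append({"account": user, "at": ts, "clients": sorted(unassigned)})
    return alerts


if __name__ == "__main__":
    for alert in flag_cross_client_access(SAMPLE_EVENTS, ASSIGNMENTS):
        print(alert)
```

Accounts missing from the assignment map are treated as staffed on nothing, so every client they touch counts toward the threshold.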
Sources: Jones Day Law Firm Says Hackers Accessed Some Clients' Data