Florida insurance industry attorney notifies 10K+ people of data breach

Bronstein & Carmona, a Fort Lauderdale law firm that defends auto insurance companies, over the weekend confirmed it notified 10,792 people about a February 2024 data breach.

The attorney did not publicly disclose what information was compromised. It is offering eligible victims free credit monitoring and identity theft insurance, which implies the data contained Social Security numbers and/or other information that criminals could use for identity fraud.

Ransomware gang Clop claimed responsibility for the breach shortly after it occurred. Bronstein & Carmona have not verified Clop’s claim.

Clop posts B&C on its leak site.
Clop posts B&C on its leak site.

“B&C identified unauthorized activity in its computer network on February 2, 2024,” the firm’s notice to victims states. “Specifically, files related to our legal matters were stored in a B&C network location that was subject to unauthorized activity.”

We do not yet know whether the law firm paid a ransom, how much Clop demanded, or how attackers breached Bronstein & Carmona’s network. Comparitech contacted the firm for comment and will update this article if it responds.

Who is Clop?

Clop, or Cl0p, is a notorious ransomware gang that first surfaced in 2019. In 2023, is was a top perpetrator of attacks that exploited a vulnerability in the MOVEit file transfer software, including attacks on the BBC, British Airways, and Shell, among many others. Its other big exploits include zero-day attacks on users of GoAnywhere and Accellion software.

Clop has claimed 70 confirmed ransomware attacks since it began posting victims on its leak site in 2019. Those attacks compromised 111.4 million records. The group has been quieter in 2024, with just three confirmed attacks to date.

In April 2024, Clop claimed responsibility for confirmed attacks on Complex Legal Services in California (28,751 victims) and New Jersey Oral and Maxillofacial Surgery (74,413 victims).

Ransomware attacks on lawyers

Comparitech researchers logged 10 confirmed ransomware attacks on law firms and other organizations in the US legal sector so far in 2024, compromising 64,286 people’s private information. The 2024 figures are on track to decline from 2023, which saw 41 attacks compromise 1.6 million records.

The average ransom for an attack on a US law firm is $428,000. That figure is even higher when counting law firms outside of the US.

It a similar recent such attack, ransomware gang 8Base claimed responsibility for a March 2024 breach at Dunn, Pittman, Skinner, & Cushman, which issued data breach notices to 317 people in October 2024.

About Bronstein & Carmona

Bronstein & Carmona is a law firm founded in 2011 in Fort Lauderdale, Florida. The attorney defends insurance companies in cases dealing with automobile negligence, bodily injury, bad faith claims, HOA and condo litigation, and homeowners’ claims.