Estate planning law firm Carrell Blanton Ferris & Associates this week confirmed it notified an undisclosed number of people about an October 2023 data breach that compromised names, Social Security numbers, dates of birth, driver’s license numbers, state ID numbers, passport numbers, taxpayer ID numbers, account numbers, routing numbers, digital signatures, payment card numbers and expiration dates, medical information, and health insurance information.
Ransomware group ThreeAM claimed responsibility for the breach, which lasted from September 5 to November 1, 2023. The law firm discovered the breach on October 30, 2023, according to the notice (PDF).
We do not yet know how attackers breached the firm’s network, how many people are affected, whether the firm paid a ransom, or how much the ransom was demanded. Comparitech contacted Carrell Blanton Ferris & Associates and will update this article if it responds.
The firm says not all of the above listed information was impacted for every person. Victims whose Social Security numbers were compromised can take advantage of free credit monitoring services offered by the law firm. Victims should monitor their accounts, credit report, taxes, and medical bills for suspicious activity that could indicate identity theft.
Who is ThreeAM?
ThreeAM, or 3AM, first surfaced in 2023 as an alternative to LockBit, a prominent ransomware strain. ThreeAM rose to prominence when targets began blocking LockBit on their networks.
Its first confirmed attack took place in September 2023. Comparitech researchers tracked just two confirmed ThreeAM attacks in all, plus 28 unconfirmed attacks. Aside from Carrell Blanton Ferris, the other confirmed attack was on Kootenai Health.
Ransomware attacks on US law firms
In 2023, 36 US legal firms were hit with ransomware attacks, affecting 1,558,550 records, according to our data. The biggest attack was on Orrick, Herrington & Sutcliffe, which affected 637,620 records.
So far this year, we’ve recorded four such attacks affecting 7,016 records. We have also tracked 60 unconfirmed attacks on US law firms so far this year. Other law firms hit by ransomware in 2024 include Sanford, Pierson, Thone & Strean, PLC, Newman Ferrara LLP, and D’Amico & Pettinicchi, LLC.
About Carrell Blanton Ferris & Associates
Carrell Blanton Ferris & Associates is a Virginia law firm specializing in estate planning, trust and estate administration, and elder law. It employs 14 attorneys across four locations in Fredericksburg, Richmond, Virginia Beach, and Williamsburg.