
Jones Day's Hackers Didn't Break In. They Were Invited

  • Apr 11
Jones Day Hacked Twice in Five Years: Why Perimeter Security Alone Fails Law Firms

On April 6th, Jones Day confirmed that a cybercriminal group called Silent had breached the firm and accessed files belonging to ten clients. The data had already been posted to a dark web leak site a week earlier. All impacted clients have been notified, though their identities remain undisclosed.


This is the second time Jones Day has had client data exfiltrated by hackers. The first was in 2021, when the Clop ransomware group exploited vulnerabilities in the Accellion file transfer appliance and claimed to have walked away with over 100 gigabytes of data. Jones Day maintained that the breach occurred through Accellion's infrastructure, not their own network.


Which was true, and also entirely beside the point if you were one of the clients whose files ended up on a leak site.


Five years apart, two different threat actors, two different attack vectors. And yet the pattern is identical in one respect that I think deserves considerably more attention than it's currently receiving.


Neither attacker needed to breach the firm's perimeter.


I. The perimeter delusion

There is a comforting narrative in legal cybersecurity that goes roughly like this: invest in the firewall, harden the network, train the staff, run the tabletop exercises, hire a decent CISO, and you've done the responsible thing. And to be fair, most of that is true. You should do all of those things. Jones Day, by all accounts, is not a firm that treats cybersecurity as an afterthought.


The problem is that the threat model has moved. It's moved in a direction that makes the traditional perimeter-centric approach increasingly insufficient, not because the perimeter controls are bad, but because the attackers have stopped caring about them.


In 2021, Clop didn't breach Jones Day's firewall. They breached Accellion's file transfer software. The data was vulnerable not because Jones Day's internal security failed, but because the data was in transit through a third-party system that had a vulnerability nobody had patched. The firm's perimeter was intact. The data was gone.


In 2026, Silent didn't storm the castle walls either. The FBI's 2025 advisory on the Silent Ransom Group, also known as Luna Moth or Chatty Spider, describes a group that has essentially made law firms its speciality. Since 2022, their method has been disarmingly simple. They send phishing emails disguised as subscription charges, usually under $50, with a phone number to call for "cancellation." When the target calls, they're walked through installing remote access software under the guise of processing a refund. Zoho Assist, AnyDesk, Syncro. Legitimate tools. Nothing that would trigger a network anomaly alert.


By March 2025, they'd refined this further. Direct phone calls impersonating internal IT staff, asking employees to join remote sessions for "overnight maintenance." Once inside, they escalate privileges and use standard file transfer tools like Rclone and WinSCP to exfiltrate data. The FBI notes that ransom demands range between one and eight million dollars, calibrated to the target's size. By the time they reached Jones Day in early 2026, the playbook was well rehearsed.


Consider for a moment what this means in practical terms. An attacker doesn't need a zero-day exploit. They don't need to find a vulnerability in the firm's network architecture. They need one person to install a legitimate remote access tool, and then they can use legitimate file transfer utilities to move data out. The perimeter never registered an intrusion because, technically, there wasn't one. Someone opened the door from the inside and handed over the keys.


This is not a story about inadequate cybersecurity. It's a story about a threat model that has evolved past the controls most firms are still optimising for.


II. The hacker's lens

I spent some time in a previous piece thinking about law firm security from the attacker's perspective, and I think the Jones Day breach makes that exercise worth repeating. Because when you look at a modern law firm through the eyes of someone trying to steal its data, the picture is instructive and, I suspect, rather different from the one most security committees are reviewing.


You are an attacker. You want to exfiltrate sensitive legal data from a major firm. You have a few options.


Option one: attack the firm's internal network directly. This is hard. Large firms invest heavily in perimeter defence, endpoint detection, network segmentation, and monitoring. You'd need to find and exploit a vulnerability, move laterally without triggering alerts, locate the data you want, and exfiltrate it without being caught. This is expensive, time-consuming, and increasingly likely to fail against well-resourced targets.


Option two: attack the tools and systems the firm uses to process, transfer, and store client data outside its own network. This is considerably easier. Law firms now route client data through an expanding constellation of third-party systems. File transfer appliances. Cloud document platforms. AI model providers. E-discovery tools. Client portals. Communication platforms. Each one is a potential interception point, and each one sits outside the firm's direct security control.


Option three: attack the people. Send a convincing phishing email. Make a phone call. Get someone to install remote access software. Once you're inside a single workstation with legitimate credentials, you don't look like an intruder. You look like a user. And the data accessible from that workstation, the client files, the privileged communications, the matter details, it's all sitting there in cleartext, waiting to be copied.


Silent chose options two and three, depending on the engagement. Clop chose option two. Neither bothered with option one. And this tells you something important about where the actual vulnerability lies.


The firm's firewall was never the target. The data was the target. And the data was accessible through channels that the firewall doesn't govern.


What the attacker found

When Silent breached Jones Day, the files they accessed were real. Real client names. Real matter details. Real privileged information. The data sitting on that workstation, in those file transfer systems, in whatever middleware the firm uses to route work between internal and external systems, was exactly what it appeared to be. It was identifiable, attributable, and valuable.

This is the part that I believe the industry needs to think about much more carefully.


The implicit assumption in most law firm security architecture is that if you defend the perimeter effectively, the data behind it is safe. But the data isn't behind the perimeter anymore. It's in transit through third-party tools, sitting in cached sessions, passing through middleware that the firm may not even have full visibility into. And when an attacker reaches it, through phishing, through a third-party vulnerability, through social engineering, they find the real thing. Unprotected. Unaliased. Exactly as sensitive as it was the day the client entrusted it to the firm.


What the attacker should have found

Now run the same scenario with one change.


Before any client data leaves the firm's controlled environment, before it enters a file transfer system, before it's accessible from a workstation that could be compromised, before it transits through any third-party middleware, it's pseudonymised. Every client name replaced with a contextually plausible alias. Every matter reference substituted. Every identifying detail transformed in a way that preserves the data's structural utility but severs its connection to any real person or engagement.


The attacker breaches the workstation. They escalate privileges. They use Rclone to exfiltrate everything they can reach. They post it to their dark web leak site, issue a ransom demand, and sit back to wait.


And then they start reading what they've stolen.


The names don't match any real clients. The matter references lead nowhere. The financial details don't reconcile against any public filings. It's all coherent, well-structured, and entirely fictional, the kind of output that would survive a cursory glance but collapses the moment anyone tries to act on it.


The ransom demand has no leverage because there's nothing to threaten to release, and the leak site post embarrasses nobody because the "clients" don't exist. The firm's actual client data never left its controlled environment.¹


This is, I think, the difference between defending the castle and making the treasure useless to anyone who steals it. Both strategies have merit. But only one of them survives the moment the castle is breached, and if Jones Day's experience teaches us anything, it's that castles get breached. Repeatedly. By different people. Using different methods. The common factor is that the treasure was real both times.


III. The pattern that should concern everyone

Jones Day is not uniquely negligent. I want to be explicit about this because it would be easy, and lazy, to read this piece as an indictment of a specific firm. It isn't. Silent has also breached Wood Smith Henning & Berman and Orrick, Herrington & Sutcliffe this year alone. The FBI's 2025 advisory warned that the group has been targeting law firms systematically since 2023, specifically because of what the Bureau described as "the highly sensitive nature of legal industry data."


This is an industry-wide exposure, and it follows a logic that I believe will, for a very long time, intensify rather than recede.


Law firms are attractive targets precisely because they are intermediaries. They hold data that belongs to other organisations, often data more sensitive than what those organisations hold themselves. Merger strategies, litigation positions, regulatory vulnerabilities, commercial disputes, intellectual property filings. The data is concentrated, high-value, and typically held across multiple client matters, which means a single breach can compromise dozens of relationships simultaneously.


And the attack surface is expanding, not contracting. Every new AI tool, every new cloud platform, every new integration between a firm's internal systems and external service providers creates another transit point, another piece of middleware where client data exists, briefly or otherwise, outside the firm's direct control. Each one is a potential vulnerability, and the attackers are getting more sophisticated at finding them whilst, simultaneously, making their attacks look more mundane. A phone call. A subscription cancellation. A remote access tool that every IT department in the country uses legitimately.


The perimeter is not irrelevant. Nobody should read this and conclude that firewalls and endpoint detection are wasted investment. They aren't. But the perimeter is necessary but not sufficient, and the Jones Day breach, coming five years after the last one, using a completely different attack vector, arriving at exactly the same outcome, is about as clear a demonstration of that principle as the industry is likely to get.


IV. The architecture question

If the perimeter cannot guarantee that client data stays inside the firm's controlled environment, and I think two breaches in five years suggests it cannot, then the question becomes: what state is the data in when it leaves?


This is where the conversation needs to shift. The legal industry has spent the last several years investing heavily in infrastructure security. Access controls, network monitoring, endpoint detection, staff training, incident response planning. All of that matters. All of it should continue.

But the data protection layer, the part that determines what an attacker actually gets when they breach those controls, has received comparatively little attention.


In most firms, the data flowing through third-party systems, through file transfer tools, through AI platforms, through the middleware that connects everything together, is in cleartext. Identifiable. Attributable. Exactly as sensitive as it would be sitting in the firm's own document management system.


AliasPath™ was built to address this specific gap. Pseudonymisation at the verification boundary, before data leaves the firm's controlled environment, transforms the consequence of every breach scenario. The perimeter still matters, and so does the monitoring and the training. But when those controls fail, and the Jones Day pattern tells us they will fail, the data on the other side is non-attributable. Structurally coherent, operationally useful, and completely decoupled from any real client identity.


The workflow carries on as normal. The model processes the data, the agent completes its loops, the file transfer finishes on schedule. From the user's perspective, nothing has changed. From the perspective of anyone who intercepts that data, whether through a breach, a compromised vendor, an insider threat, or an e-discovery request that lands in the wrong hands, everything has changed. The data they're looking at doesn't connect to any real person or matter. The AliasPath keys that would reconnect alias to identity sit inside the firm's own infrastructure, and they never left.
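As an added illustration (not AliasPath's code, nor anything from the firms discussed), this Python sketch implements the idea described in the "What the attacker should have found" scenario above and in this section: a keyed pseudonymisation step that swaps client names and matter references for consistent, plausible-looking aliases before a document leaves the firm, while the HMAC key and the alias vault stay inside. The alias pool, the `JD-YYYY-NNNN` matter-reference format and the sample memo are constructed for the example.

```python
import hmac
import hashlib
import re
import secrets

# Constructed pool of fictional company names used to build plausible-looking aliases.
ALIAS_POOL = ["Harrowgate Holdings", "Vantine Industries", "Oakmere Capital",
              "Calloway Logistics", "Brightwater Foods", "Sterlane Partners"]
# Constructed matter-reference format; a real firm would use its own pattern.
MATTER_RE = re.compile(r"\bJD-\d{4}-\d{4}\b")


class PseudonymisationGateway:
    """Replaces client names and matter references before data leaves the firm.
    The HMAC key and the alias vault live only in this object, i.e. inside the firm;
    anything exfiltrated downstream carries aliases with no link back to real identities."""

    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)
        self._vault = {}  # alias -> real value: the only way to re-identify

    def _tag(self, kind, value):
        # Keyed hash, so the alias cannot be recomputed without the firm's key.
        return hmac.new(self._key, f"{kind}:{value}".encode(), hashlib.sha256).hexdigest()

    def alias_for(self, kind, value):
        # Deterministic: the same real value always gets the same alias under this key,
        # so pseudonymised documents stay internally consistent across a matter.
        tag = self._tag(kind, value)
        if kind == "client":
            alias = ALIAS_POOL[int(tag[:8], 16) % len(ALIAS_POOL)]
        else:
            alias = "M-" + tag[:6].upper()
        base, n = alias, 2  # two distinct real values may collide; disambiguate
        while self._vault.get(alias, value) != value:
            alias, n = f"{base} ({n})", n + 1
        self._vault[alias] = value
        return alias

    def pseudonymise(self, text, clients):
        # Longest names first so "Acme Group plc" is not half-replaced via "Acme Group".
        for name in sorted(clients, key=len, reverse=True):
            text = text.replace(name, self.alias_for("client", name))
        return MATTER_RE.sub(lambda m: self.alias_for("matter", m.group(0)), text)

    def reidentify(self, text):
        # Only possible with the vault, which never left the controlled environment.
        for alias, real in sorted(self._vault.items(), key=lambda kv: len(kv[0]), reverse=True):
            text = text.replace(alias, real)
        return text
```

Anything copied from a workstation or file transfer system after this step reads like the output `pseudonymise` produces: coherent, but naming only the fictional pool entries and `M-` references.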


I keep coming back to this: the firms that treat data protection as a separate discipline from infrastructure security, rather than assuming one covers the other, will be the ones that survive this pattern intact. The firms that continue to rely exclusively on the perimeter will continue to appear in breach notifications. The technology is different each time. The outcome is the same.


V. The verdict

Jones Day will recover from this. They recovered from the last one. They're a well-resourced firm with experienced counsel and, presumably, insurance adequate to the occasion.


But the clients whose data was exfiltrated didn't choose to be part of this story. They entrusted their most sensitive information to a firm they believed would protect it, and that information is now on a dark web leak site, posted by a group whose entire business model is leveraging exactly this kind of material for extortion.


The question for every law firm, not just Jones Day, is whether the current security architecture accounts for the world as it actually is, or the world as it was five years ago. Because the attackers have moved on from firewalls. They're targeting the data in transit, the middleware, the tools, the people. And they're finding real data every single time.


I believe there will be more of these. Different firms, different groups, different vectors. The same outcome. And at some point, the industry will have to reckon with the possibility that the answer isn't a better castle. It's making the treasure worthless to anyone who steals it.


The regulatory ratchet only turns one way. The SRA, the ICO, the EU AI Act enforcement apparatus, none of them are becoming more lenient. The firm that can demonstrate its client data was pseudonymised before it ever entered a compromised system is in a materially different regulatory and reputational position from the firm that has to explain why real client names are circulating on the dark web.


One of those conversations ends with a remediation plan. The other may well end with a client list that gets shorter.²


¹ There is something almost poetic about the idea of a ransomware group spending weeks negotiating over data that turns out to be about fictional clients with fictional problems. One imagines the operational meeting where someone has to explain to the group's leadership that the leverage they've been threatening to deploy is, in fact, an elaborate work of pseudonymised fiction. That's not a conversation anyone wants to have, least of all in an organisation where performance reviews presumably involve rather more menace than the average law firm's.


² Bloomberg reported the breach on April 6th. The Silent Ransom Group had posted the data to their leak site on March 30th. That's a week of client data sitting on the dark web before the firm publicly confirmed the incident. A week during which anyone with a Tor browser could browse it. If that data had been pseudonymised, the week would have been irrelevant. It would have been a week of browsing fiction.

