Hacker Leaks Files from Jones Day Law Firm, Which Worked on Trump Election Challenges

"We hacked their server where they stored data, on attempts to 'settle' they responded with silence and we had to upload the data," the hackers said.

Hackers have stolen and leaked files belonging to the Jones Day law firm, one of the largest law firms in the world. The firm famously and controversially worked on some of Donald Trump’s immediate challenges to the 2020 election results.

The hackers who run the Cl0p ransomware recently posted several gigabytes of data on a dark web site where they advertise their breaches. The breach was first reported by the website


"We hacked their server where they stored data, on attempts to 'settle' they responded with silence and we had to upload the data," someone in control of an email address listed on the darkweb site purporting to be the hackers said in an email to Motherboard. "We emailed them and they ignored us for over a week. We did not encrypt their network, we only stole the data."

"They did not answer us, we invited them to enter our chat, they entered but were silent," they added.

Image from darkweb site.

Jones Day did not immediately respond to a request for comment, but confirmed the hack in a statement to The Wall Street Journal, in which the law firm blamed the data breach on Accellion, a company that provides a file sharing system and that was recently hacked.

An Accellion spokesperson said in a statement that the company “is conducting a full assessment of the FTA data security incident with an industry-leading cybersecurity forensics firm. We will share more information once this assessment is complete. For their protection, we do not comment on specific customers. We are working with all impacted FTA clients to understand and mitigate any impact of this incident, and to migrate them to our modern kiteworks content firewall platform as soon as possible.”

The Tor hidden service listing the data is currently offering 20 caches allegedly related to Jones Day, ranging from 1.5GB up to around 4.5GB. One of the caches is marked as "extracted emails." 


As has become more common in financially motivated extortion campaigns, the hackers are also listing data allegedly obtained from a number of other companies.

"We can't guarantee that no one will hack you! But we can guarantee you that your specialists will close the holes that contribute to penetration and distribution. Invest in the knowledge of your network administrators or suffer losses from not knowing they them!" the hackers wrote on the site.

Last year, the Cl0p hackers sent phishing emails to victims nearly each work day to gain an initial foothold on networks, and then focused more specifically on corporate networks, according to a January blog post from Deutsche Telekom Security. They started hosting data on their website in Spring 2020, the post says.

"CL0P is one of the ransomware gangs that adopted the double extortion technique. Before they deploy their ransomware, they exfiltrate up to terabytes of sensitive data from the victim’s network. In case the victim had proper backups setup and is not willing to pay the ransom, they still can threaten to publish this data on their leak portal CL0P^-LEAKS," the blog post reads.

Deutsche Telekom Security added that Cl0p is deliberately hunting out data belonging to company executives.

"Several of their recent ransom notes explicitly name data stolen from workstations that belong to top executives (including founders/CEOs) of the respective enterprises. This is likely based on the hope that using data stolen from top executives in the extortion process raises their chances that the victim pays," the post added.


Jones Day was widely criticized immediately after the election for working with Donald Trump in some of his many attempts to overturn the election. The Lincoln Project started a public relations campaign against the firm attempting to get it to stop representing him in the days immediately following the election. It was a rare case where lawyers around the country began to weigh in about the ethics of representing a specific client, and the New York Times published an article in which lawyers inside the firm said they had asked higher-ups there to stop representing him. Even after Biden's inauguration, the firm has continued to work with Trump, while several other law firms that previously represented him have dumped him.

When asked what their motivation was, the people purporting to be the hackers said: "And what do you think? ;-) financial of course."

Of course, Jones Day has massive clients beyond Donald Trump; it is one of the largest and most powerful law firms in the world. notes that Jones Day is the 14th largest law firm by revenue in the world, with more than 2,500 lawyers and $2 billion in annual revenue. The Dun & Bradstreet data analytics firm notes that Jones Day has represented more than half of all Fortune 500 companies in some fashion. 

This story was updated to include a statement from Accellion.