[Update] Celebrity Law Firm Suffers Ransomware Attack. Here are the Documents the Hackers Released on the Dark Web

Update: May 14, 2020

Apparently, the hackers got tired of waiting for their money. As promised, they released some more documents. As they wrote,

“It seems that GRUBMANS doesn’t care about their clients or it was a mistake to hire a recovery company to help in the negotiations. As we promised, we public the first part of the data because the time is up.”

They chose to ‘public’ Stefani Joanne Angelina Germanotta, more commonly known as, Lady Gaga.

They released several gigabytes of contracts, nondisclosure, agreements, and, quite frankly, a lot of other rather dull legal documents. You can find out about what people such as dancers and designers get paid and get some idea of Gaga’s income. The documents are not recent, mostly dating from 2013 to 2016. I put a few of the more interesting findings at the end of this report.

Although this hack was known to those in the cybersecurity community for about a week now, it suddenly shot into the headlines in the last couple of days. This was due, primarily, to an article published in entertainment Bible, Variety, two days ago titled, Hacked Law Firm Informs Clients Like Lady Gaga and Bruce Springsteen of Data Breach. And that’s the way it’s been framed in the news. Mention some big stars (Madonna, Elton John, Lady Gaga) and make it seem like they were the ones who were hacked. So let me set the record straight.

This attack took place on the law firm that represents many top performers; the law firm of Grubman Shire Meiselas & Sacks. The attack was a ransomware attack, which means that they infiltrated the firm’s network and encrypted all the firm’s files. It has also been reported that they stole 756GB of data. That’s probably not true. If they actually exfiltrated this much data, they must have been on the site for an awfully long time. It’s possible, but unlikely. True, they probably control access to this much data, but that’s a different matter.

Disclaimers aside, this is still a major breach. Although stars like Madonna have not been directly hacked, the criminals could have gathered enough information on her or others to design a first-rate spearphishing attack, so any celebrities, individuals, or enterprises who have ever done business with this firm should be aware of the fact that they may become targets. In fact, they may have already been targeted. Only time will tell.

So who are these stars? According to the information released on the dark web by the hackers, they include Madonna, Lady Gaga, Bruce Springsteen, Elton John, Lizzo, Barbara Streisand, Christina Aguilera, Mariah Carey, Nicki Minaj, Run DMC, Mary J. Blige, and a host of others. Besides celebrities, they apparently have control over information on many other, very important clients. (*see a more complete list of important clients at the end of this post)

Grubman Shire Meiselas & Sacks is now offline. The cybercriminals behind the attack, known as Sodinokibi or REvil, are giving the firm an unspecified amount of time to pay a ransom, or they will release more documents. Supposedly, if the ransom is paid, the hackers will decrypt the files. Maybe they will. Maybe they won’t. The criminals apparently began the hack by compromising the firm’s VPN using a known, but clearly unpatched, vulnerability. They then stole the network logs, probably got someone’s login credentials, and used these to breach the network. The documents were released to prove that they control the firm’s network.

The first document shows celebrity folders.



The second group consists mostly of files of other clients.


The next document is an agreement with Christina Aguilera.


Then there is a document concerning an agreement with a man called, Allen Haley, who worked as a carpenter for Madonna’s Madame X Tour, which just ended in March due to the coronavirus. Does it matter? Sure, if he has contacts with Madonna, hackers can exploit the connection.



Finally, there is a confidentiality agreement between Brandon Hamlin and Melissa Jefferson. Between who and who? Brandon Hamlin, sometimes known as, B Ham, is a record producer. Melissa Jefferson is better known as grammy winner, Lizzo. So much for confidentiality.


I’ll let you know if these hackers dump any more documents or if there are further developments. Remember, don’t let one compromised employee bring down your company. Protect those endpoints with high quality architecture. One way or another, this law firm is going to take a serious financial hit.



*Here is a more complete list of Grubman Shire Meiselas & Sacks’ most important clients as given in the Variety article.

“On the music front, according to the firm’s previously published list of clients, those include: AC/DC, Avicii, Barbra Streisand, Barry Manilow, Bebe Rexha, Bette Midler, Bruce Springsteen, the David Bowie Estate, Drake, Elton John, Fiona Apple, Future, Jessie Reyez, John Mellencamp, Lady Gaga, Lil Nas X, Lil Wayne, Lionel Richie, Lizzo, Madonna, Maroon 5, Nas, OK Go, Ricky Martin, Rod Stewart, Shania Twain, Sting, The Weeknd, Timbaland, Tony Bennett, U2, Usher and the Whitney Houston Estate.

Other talent and execs repped by Grubman Shire Meiselas & Sacks include Andrew Lloyd Webber, Barbara Walters, Clive Davis, David Geffen, David Letterman, Diane Sawyer, Gayle King, Iman, Irving Azoff, Jimmy Iovine, Kate Upton, Maria Shriver, Mariska Hargitay, Martha Stewart, Meg Ryan, Mikhail Baryshnikov, Nancy Grace, Naomi Campbell, Priyanka Chopra, Richard Plepler, Robert De Niro, Shay Mitchell, Sofia Vergara, Spike Lee, and the Osbournes (Ozzy, Sharon and Kelly).

Athletes who are listed as clients include Cam Newton, Colin Kaepernick, Henrik Lundqvist, LeBron James, Mike Tyson, Scottie Pippen, Sean Avery, Sloane Stephens and Victor Cruz.

In addition, companies on the firm’s client roster include Activision, Azoff MSG Entertainment, Discovery, EMI Music Group, Facebook, Focus Features, HBO, iHeartMedia, Imax, IAC, Live Nation, Martha Stewart Living Omnimedia, MTV, NBA Entertainment, the Nederlander Organization, Playboy Enterprises, Samsung Electronics, Scott Rudin Prods., Sony Corp. and Sony/ATV Music Publishing, Spotify, Tribeca Film Festival, Universal Music Group and Vice Media Group.”

May 14, 2020 Updates

Apparently, artist Jeff Koons got some Gaga cash.



Then there’s the t-shirt she helped design. I might pass on this.


Here’s a picture from a photo shoot with Jamie Lee Curtis.


And probably the weirdest thing I found was a lawsuit brought against Gaga by the French ‘body sculpture’ artist, Orlan. She accused Gaga of copying her sculpture and using it on her album. This makes no sense at all to me, but the ‘artist’ seems to claim that she used the ideas behind the sculpture. Here they are together. You can hardly tell them apart.


Well, maybe there’s no doubt in the lawyer’s mind because he hopes to profit from this flagrant breach. The suit goes on to state.


All those who think this is a frivolous lawsuit, please raise your hands.



One thought on “[Update] Celebrity Law Firm Suffers Ransomware Attack. Here are the Documents the Hackers Released on the Dark Web

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s