Casepoint says it\u2019s investigating a potential cybersecurity incident after hackers claimed to have compromised the legal technology platform to steal terabytes of sensitive data.<\/p>\n

U.S.-based Casepoint offers a legal discovery platform for litigation, investigations and compliance that is used by government agencies, corporations and law firms. The organization boasts a number of high-profile clients, including the U.S. Courts, the Securities and Exchange Commission (SEC), the U.S. Department of Defense (DoD), hotel operator Marriott and medical giant Mayo Clinic.<\/p>\n

In a statement to TechCrunch, Casepoint co-founder and chief technology officer Vishal Rajpara confirmed the company had \u201cactivated our incident response protocols\u201d on May 30 and \u201cengaged an external forensic firm to help us investigate a potential incident.\u201d<\/p>\n

While Rajpara declined to confirm the nature of the incident, he didn\u2019t dispute claims that Casepoint was targeted by the ALPHV ransomware gang, which this week claimed responsibility for attacking the organization by listing its stolen data on its dark web leak site. The Russia-linked gang, also known as BlackCat, claims to have stolen two terabytes of sensitive information from Casepoint, including data from the U.S. government, and \u201cmany other things you have tried so hard to keep,\u201d the gang said.<\/p>\n

Samples of the exfiltrated data, seen by TechCrunch, include sensitive health information from a Georgia-based hospital, a legal document, a government-issued ID and an internal document allegedly issued by the FBI. The FBI did not respond to TechCrunch\u2019s request for comment.<\/p>\n

In an update published on May 31 \u2014 after Casepoint confirmed it was investigating the incident \u2014 ALPHV also shared what appears to be login details for the company\u2019s internal systems.<\/p>\n

Rajpara told TechCrunch that Casepoint remains \u201cfully operational and have experienced no disruption to our services,\u201d adding that \u201cthe third-party forensic firm that we have engaged is currently running scans and deploying advanced endpoint detection monitoring tools and will be looking for signs of suspicious activity.\u201d<\/p>\n

\u201cWe are early on in our investigation and are committed to keeping our clients informed as we learn more,\u201d Rajpara said.<\/p>\n

Rajpara declined to say whether the company has the technical means to detect what data was accessed or exfiltrated or whether the company has received any communication, such as a ransom demand, from the ALPV ransomware group.<\/p>\n