Grubman, Shire, Meiselas and Sacks, the New York-based law firm that is renowned for looking after the legal affairs of global superstars, has been hacked in a devastating cybersecurity breach. The hacking group, presumed one that uses the tags REvil and Sodinokibi, has acquired 756GB of data from the legal eagles’ servers, which the hackers say contains “contracts, telephones, email, personal correspondence, non-disclosure agreements and more.”

The motivation for the cybersecurity attack is for the hackers to secure a fat ransom payment. A post on the dark web, considered to be a ‘shot across the bows’, included a photo showing digital files with the names of celebrities including Elton John, Nicki Minaj, Idina Menzel and Bruce Springsteen. There was also a ‘Facebook’ file and pictures of letters signed by Christina Aguilera and Madonna’s tour agent.

The post also contained the direct threat that the files would be made publicly available if Grubman, Shire, Meiselas and Sacks do not pay the group an undisclosed sum. REvil/Sodinokibi were identified by Emsisoft cybersecurity analyst Brett Callow as most likely responsible.

The same group, if Mr Callow is right, was also responsible for a hack on Travelex, the foreign exchange company. The hack took down the company’s systems for several days, as well as effecting banks including Barclays, Royal Bank of Scotland, HSBC and NatWest, who all use Travelex’s services for forex exchanges and transfers. Travelex has declined to confirm if it eventually paid the ransom or not.

Other victims of the same group of hackers are believed to include the National Eating Disorders Association, Brooks International and the biotech company 10x Genomics. However, with tens to hundreds of international stars on its books, the Grubman, Shire, Meiselas and Sacks is likely to be the highest profile yet.

Sony Entertainment’s reputation suffered a huge blow when it was hacked and the emails of thousands of Hollywood insiders were leaked. One producer was revealed as having made jokes about then president Barack Obama’s race, while another described Angelina Jolie as a “minimally talented spoiled brat who thought nothing of shoving this off her plate for eighteen months so she could go direct a movie” in reference to the casting for a Cleopatra film then in development.

That hack was pinned on North Korea, whose regime were apparently enraged by a film called The Interview, due to be released in cinemas and which mocked the country’s dictator Kim Jong-un. They rogue state wanted it withdrawn from cinemas.

The fall-out of this hack could be even more spectacular. While the Sony leaks were mainly emails of Hollywood heavyweights who remain behind the camera and run the business side, these hackers look like they have files on the legal machinations of the stars themselves.

David Castaneda of CybeX, a London-based cybersecurity start-up stated:

“The reality is that too many companies, especially those who hold sensitive data, do not take the kind of precautions necessary to put off high level hackers. They still think it’s unlikely to be them and rely on out-of-the-box retail cybersecurity solutions that are really not up to the job. Even those who do spend on customised cybersecurity often don’t understand enough about what they are buying and how secure their servers and the rest of their IT infrastructure actually is. By the time they find out it is, unfortunately, usually too late”.