A hacker attack on Pennsylvania-based law firm Carpenter, McCadden & Lane (CML) exposed thousands of individuals, with threat actors potentially accessing private user details.
Attackers penetrated CML’s systems in mid-April 2024, the law firm told impacted individuals in a recently published data breach notification. According to information CML submitted to the Maine Attorney General’s Office, individuals’ names and other information may have been exposed in the attack – the law firm did not specify what type of data that may have been.
However, in September of 2024, CML was posted on the Meow ransomware gang’s dark web leak site, used to showcase their latest victims. At the time, cybersecurity researchers reported that attackers claimed they’d got their hands on a whopping 100 gigabytes of data, including employee data, client information, scans of payment documents, and other details.
🚨 MEOW Ransomware Alert 🚨
undefined FalconFeeds.io (@FalconFeedsio) September 12, 2024
Carpenter McCadden & Lane, LLP 🇺🇸
Carpenter McCadden & Lane, LLP, a law practice in the USA, has fallen victim to MEOW ransomware. The group claims to have obtained 100 GB of confidential data, including employee data, client information, scans of… pic.twitter.com/W8BDhxPHu6
While data CML submitted to Maine’s Attorney General doesn’t link the two incidents, there’s no information about other data security incidents the law firm faced over the last year.
Interestingly, the law firm’s breach notification claims that even though the data breach took place in April of 2024, it was only discovered in late March of 2025.
Over 7,900 individuals were impacted by the attack.
Threat actors often target law firms because such organizations harbor extremely sensitive information. Some data points could be protected by attorney-client privilege and could be exploited against victims. Moreover, law firms often house valuable business data, coveted by hacker groups dealing with corporate espionage.
Meow ransomware was first identified in August 2022, around the same time one of Conti-linked threat actors publicly released Conti’s ransomware strain, researchers at Check Point Security claim. The gang managed to climb to the top of the ransomware food chain, peaking at number two in August 2024.
According to Cybernews’ dark web monitoring tool, Ransomlooker, the gang victimized over a hundred organizations over the last 12 months, disappearing from the radar at the beginning of 2025.
Your email address will not be published. Required fields are markedmarked