New York law firm Heidell, Pittoni, Murphy and Bach (HPMB) has agreed to pay $200,000 to settle a data-breach lawsuit related to the now-notorious Hafnium Microsoft Exchange attacks that siphoned sensitive data from victims around the world.  In 2021, months after Redmond had fixed the security flaws in servers running its code, criminals exploited these vulnerabilities to gain access to HPMB’s unpatched systems (and many others) before deploying ransomware and stealing sensitive data belonging to the firm’s clients, including hospitals. After breaking into the law firm’s email server, the crooks stole copies of tens of thousands of files containing health-related info, names, dates of birth, social security and drivers’ license numbers, and biometric data belonging to 114,979 individuals, according to court documents [PDF].

Read full article on The Register