31 May 2023

Lawtech platform Casepoint reportedly hit with BlackCat ransomware


Casepoint, a legal technology platform used by multiple US government entities, has been added to a list of victims on a dark web data leak website run by Russia-linked ransomware cartel BlackCat (aka ALPHV).

Casepoint is a cloud-based legal discovery platform used by corporations, law firms, and government organizations. The company works with many high-profile clients such as the US Securities and Exchange Commission (SEC), the Department of Defence (DoD), the US National Credit Union Administration (NCUA), hotel operator Marriott, German industrial giant ThyssenKrupp, academic medical center Mayo Clinic, railway operator BNSF Railway, and others.

The group claims to have stolen 2TB of sensitive data from Casepoint. As proof, the cybercrooks posted some samples of allegedly stolen information, including what appears to be visa details, a report and a certificate.

The BlackCat ransomware operation debuted in November 2021 and since then has consistently been listed among the top ten most active ransomware groups. BlackCat was linked to the now-defunct BlackMatter/DarkSide ransomware. In 2022, BlackCat affiliates were linked to attempted extortion of entities globally across multiple sectors including education, government, and energy.

In March 2023, the BlackCat group stole sensitive data from data storage device maker Western Digital and then mocked the company by leaking a series of screenshots of internal emails and video conferences indicating they still had access to WD’s systems while it was dealing with the hack.

