-
Threat actors exfiltrated 185,047 litigation files with personal details, such as medical records and personal IDs, before publishing them on the dark web.
-
Logos received a fine of 523 million Korean won for the cyber breach, worth 1.59 TB.
-
The stolen datasets contain massive amounts of personal details, including contact details, addresses, and more.
The leading Law Firm Logos in Korea suffered a significant data breach, in which the firm inadvertently disclosed 185,047 litigation documents. According to a recent report, the firm also received a fine of 523 million Korean won.
Threat actors stole 1.59 terabytes of data and dumped the entire haul on a dark web forum.
They comprise detailed information such as names, addresses, contact details, medical records, criminal history, and financial records.
The Logos Law Firm Data Breach Incident
Logos commented on the data breach, saying that it is the obligation of a law firm to protect the details of its clients, which are entrusted to its care. The firm apologized to the public for not fulfilling its “basic responsibilities,” and also for bringing inconvenience and concern to customers.
On November 21, 2025, Korea’s Personal Information Protection Commission (PIPC) mentioned that it would add a 6 million won penalty on Logos. The agency said this was because the firm defaulted on administration, after the serious cyber attack the law firm faced.
Earlier, following investigations, the agency confirmed that the litigation files published on the dark website belonged to Logos. The PIPC noted that the attackers stole Logos’ administrator account details, such as passwords and login IDs, from July to August 2024.
Following that, they accessed its internal intranet and exfiltrated 43,892 case management documents. Eventually, the attackers made away with more than 185,047 court-related files.
Some of these include court rulings, complaints, evidence, medical files, and even records of financial transactions. It is worth stating that these files usually comprise massive volumes of sensitive personal information. This information includes names, criminal histories, health records, addresses, contact details, and even account numbers.
In addition, the attackers neutralised one of Logos’ key servers by infesting its mail servers with ransomware. As a result, the law firm had to rebuild the entire system.
This tactic of hitting law firms with ransomware to both extort money and leak sensitive client data is becoming a common playbook for global cybercriminals. We recently saw when a global ransomware gang targeted an Australian family law firm and leaked its sensitive data.
Logos Firm’s Negligence Led to This
Further investigations found that Logos failed to implement adequate access control and digital security measures, like blocking system access via IP address. Rather, the firms continued to allow their platforms to enable external remote access via only user IDs and passwords, neglecting to address flaws in their websites.
Logos saved crucial personal details like clients’ resident registration numbers without using encryption. It also did not set criteria for destroying stored personal data.
Another error in Logos’ activities was in its communication to the customers. Surprisingly, Logos only contacted the affected customers this September, meanwhile the breach occurred last September.
Law enforcement agencies believe Logos was responsible for the cyber attack and the extent of the breach. Prosecutors believe that its failure to implement proper measures left several hundreds of thousands of clients at risk of impersonation and cyber fraud.
