FBI: Silent Ransom Group Extortion Gang Targeting U.S.-based Law Firms

FBI warns of in-person data theft attacks from extortion gang

The FBI warned on Tuesday that the Silent Ransom Group (SRG) extortion gang is now targeting U.S.-based law firms in in-person data theft attacks.

"As of Spring 2026, SRG actors use a social engineering scheme to pose as an employee from the victim's IT department. SRG actors either directly call or send phishing emails to urge employees to call the SRG actor posing as IT support," the FBI warned in a Tuesday flash alert.

"While on the phone, the SRG actor directs the employee to grant access to a remote desktop session. If that attempt fails, SRG sends a threat actor to the victim's location to gain access to insert a storage device into the victim's computer."

By going to the victim's location in person, the malicious actors can steal data by connecting USB drives or external hard drives to the victim's computer.

The FBI included the unauthorized installation of external hard drives or USB drives on company computers, and the presence of unidentified or unauthorized individuals claiming to be IT support and attempting to access computers, as possible indicators of an SRG attack.

Wiley Rein Sued for Exposing Sensitive Info After Cyberattack

Washington, DC-based law firm Wiley Rein LLP failed to detect a cyberattack for about eight months, giving hackers access to sensitive consumer data that was stolen and sold on the dark web, according to a proposed class action filed in federal court.

The data breach allegedly exposed thousands of current and former consumers’ names, addresses, dates of birth, financial account numbers, medical information, and Social Security numbers, according to a complaint filed in the US District Court for the District of Columbia. Hackers gained access to the firm’s systems for eight months as early as July 2024, but Wiley Rein didn’t discover the breach until June 2025 and waited until March 2026—nearly two years later—to notify victims, the lawsuit said.

“Cybercriminals had unfettered access to defendant’s systems for a staggering eight months and was not discovered by defendant until almost a year later,” the May 22 lawsuit said.

840M+ files exposed as US delivery company leaks massive file storage

The American last-mile parcel company, SpeedX, spilled hundreds of millions of records online, revealing personal data of numerous US residents, the Cybernews research team discovered in March of this year.

The exposed file storage contained the type of information one would expect from a parcel delivery service, ranging from receiver home addresses to photos confirming that the parcel reached the recipient. SpeedX drivers weren’t spared, either, as the team also found driver’s license photos in the exposed data stash.

Our research team explained that the data leak reveals the massive scale of unprotected records and increases the risk of fraud, social engineering, and identity theft for customers and drivers alike.

“Additionally, files related to parcel information paint a clear picture of how the company operates from the inside, allowing malicious actors to craft more targeted attacks and operational disruptions across the supply chain,” they said.

BWH Hotels Confirms Cyberattack Exposed Customer Reservation Information

BWH Hotels, the parent company of hotel brands including Best Western Hotels & Resorts, WorldHotels, and SureStay Hotels, has disclosed a cybersecurity incident that exposed sensitive guest reservation data.

The company recently began notifying affected individuals after detecting unauthorized access within its systems earlier this year. According to the breach notification, BWH Hotels discovered the incident on April 22, 2026. The organization said attackers managed to obtain customer information stored within a web application connected to hotel reservations.

The stolen data reportedly includes customers’ names, email addresses, phone numbers, and home mailing addresses. Reservation-related details were also accessed, including booking confirmation numbers, stay dates, and special requests submitted by guests during reservations.

While the company did not reveal how many individuals were impacted, the exposed information appears to cover records generated between October 14, 2025, and April 22, 2026. BWH Hotels also did not specify how long the attackers may have remained inside its systems before the intrusion was identified.

Mistral AI Partners With Harvey AI to Bring Models to Legal Sector

Mistral AI is bringing its models to the legal sector under a partnership with the startup Harvey AI, taking aim at a lucrative industry where rivals like Anthropic are expanding aggressively.

The French artificial-intelligence company will feature on a list of models that San Francisco-based Harvey offers on its platform to help law firms and in-house legal teams streamline work in areas like contract analysis, due diligence, compliance and litigation. Mistral models will initially be available to a few customers based in the European Union ahead of a wider rollout.

Lawyers handle troves of text and data, making the legal industry fertile ground for large language models that can help sift through documents. The potential to automate tasks and give lawyers extra time to take on more cases is an incentive to pay top-tier prices for AI tools.

Lowenstein Launches Data360 Evidence Architecture Framework to Help Organizations Demonstrate AI Governance Under Scrutiny

Lowenstein Sandler LLP [on May 26] announced the launch of its Data360 Governance Hub and Evidence Architecture Framework, a methodology designed to help organizations operationalize and demonstrate AI governance at the system level.

As AI adoption accelerates, expectations are converging across regulatory, litigation, insurance, and procurement contexts: organizations must be able to produce evidence that governance controls are functioning, not simply documented.

“AI governance is no longer just about policies,” said Amy Mushahwar, partner and Chair of the firm’s Data Privacy, Security, Safety & Risk Management practice. “It's about whether your organization can reconstruct what its systems did, who authorized them, what controls were in place, and what happened when something went wrong. If you can’t produce that chain of evidence when it’s demanded by a regulator, your board, or a counterparty, then your governance program is a liability.”