Weil reportedly paid up to $20m after hackers stole client files

Weil reportedly paid between $18 million and $20 million to a cyber extortion group to prevent the publication of stolen client data, according to The Insurer, citing people familiar with the matter.

A Weil spokesperson told Non-Billable the firm had “recently responded to a cyber incident involving a threat actor and the unauthorised uploading of a limited number of client documents to an external cloud storage site”.

The spokesperson added that Weil had activated its incident response protocols, engaged third-party cybersecurity professionals and notified law enforcement after discovering the incident.

“The forensic investigations determined that the threat actor did not obtain access to Weil’s network, nor did the incident disrupt the firm’s operations. Ongoing monitoring has not detected any unauthorised activity,” the spokesperson said.

The firm also said it had contacted affected clients and was continuing to monitor for any unauthorised activity.

Unlike conventional ransomware attacks, where hackers encrypt systems and demand payment to restore access, data extortion attacks focus on stolen data. Attackers steal sensitive files and then threaten to publish them online unless the victim pays to stop disclosure.

While Weil has not confirmed that a payment was made, The Insurer reported that payment was made within three days of the demand.

A target on law firms

The incident comes amid growing concern over cyber threats targeting law firms that hold sensitive client information.

An FBI private industry notification issued in May 2025 warned that the group allegedly behind the Weil attack - Silent Ransom Group (also known as Luna Moth or Chatty Spider) - had been “consistently” targeting US-based law firms since 2023 because of “the highly sensitive nature of legal industry data”.

The FBI issued a new industry warning this week and said the group had evolved its tactics with attackers increasingly impersonating internal IT staff and in some cases physically attending offices to gain access to devices and steal data.

Hackers strike again

The Weil incident follows another high-profile encounter involving the same group.

Jones Day confirmed in April that hackers had accessed firm data. The Insurer reported that a $13 million demand went unpaid in connection with the attack.