The hack of software provider Accellion USA LLC has renewed security experts’ fears of attacks on suppliers and highlighted the difficulty of defending against them in real time.
A growing list of affected customers have shared timelines of the attack and claims of inadequate software patches that at times contradict the vendor’s account of events. The disclosure this week that victims include Jones Day—a law firm that handles sensitive information for clients—underscores how individuals who don’t interact with Accellion directly nonetheless might be exposed, security experts say.
These moving parts can complicate the response for all victims and start a blame game that could end up in court to determine liability, said Anthony J. Ferrante, global head of cybersecurity at
“The finger-pointing is just beginning,” said Mr. Ferrante,