Allen Grubman hack is not going away: Universal data allegedly up for auction, with a starting price of $1 million

Who would pay a minimum of $1 million for a tranche of legal documents, including contracts and NDAs, owned by Universal Music Group?

That’s the question being asked by the hacking group calling itself REvil, who claim to be launching a public auction for this confidential information next Friday (July 3).

The Universal data was allegedly obtained by REvil during a cyberattack last month against Grubman Shire Meiselas & Sacks (GSMS), one of the best known law firms in the music business.

REvil claims to have stolen 756 gigabytes of data when they breached GSMS’s network, and at first, threatened to release personal details of the law firm’s clients, including Elton John, Lady Gaga, Barbra Streisand, Lizzo and Madonna, unless GSMS paid them $21m via bitcoin.

The hackers then claimed on the dark web that, within their stolen data haul, they had discovered confidential information about President Donald Trump, and subsequently upped the GSMS ransom to $42m.

In the latest episode of this escalating saga, ransomware specialist and cybersecurity software company Emsisoft (which first flagged the hack in May) has spotted a new post from the hackers on a forum on the dark web.

In the post, seen by MBW and headlined “show must go on”, REvil claim to “have audited the Mr Grubman files and [are now] ready to provide the data to general public for sale.”

“We have so many value files, and the lucky ones who buy [the] data will be satisfied for a very long time,” states REvil’s note.

The group then claims: “Show business is not concerts and love of fans only — it is [also] big money and social manipulation, mud lurking behind the scenes and sexual scandals, drugs and treachery.”

In the post, REvil gives a public auction date of July 1 for data purportedly associated with three celebrities: Nicki Minaj, Mariah Carey and LeBron James.

The starting bid for each of those auctions is $600,000.

They also claim to be auctioning, on July 3, a load of documents owned by Universal, and separately MTV, each for a starting price of $1 million.

Also on July 3, REvil claims to be starting an auction for data related to Bad Boy Entertainment Holdings at a starting price of $750,000.

Another auction is scheduled for July 5, but the post doesn’t specify what it will be for, and simply states: “Update soon…”


The terms of the auctions, according to REvil, are “one package – one sale – [sic] on one hands”.

“Each lot includes full information downloaded from the office, namely – contracts, agreements, NDA, confidential information, court conflicts [and] internal correspondence with the firm,” they add.

REvil’s post includes the disclaimer that they “are not responsible for the [buyer’s] actions” and offer their guarantee that, “by our name and reputation”, the data will be deleted from their servers once sold.

The auctions will run for three months, according to REvil, and they suggest that “there will be enough ways to solve this situation for both the general public and celebrities”.

It adds: “Before the start of the auction and sales there is an offer for full redemption of the entire archive of documents” – for the price of $42m.

“P.S. Mr Grubman, you have [the] chance to stop that, and you know what to do.”


In a statement issued last month, GSMS said that “We can confirm that we’ve been victimized by a cyberattack”.

It added: “We have notified our clients and our staff. [We] have hired the world’s experts who specialize in this area, and we are working around the clock to address these matters.”

Allen Grubman, who originally founded GSMS in the 1970s, refuses to negotiate, reported Page Six last month, which cites a source as saying “his view is, if he paid, the hackers might release the documents anyway… plus the FBI has stated this hack is considered an act of international terrorism, and we don’t negotiate with terrorists.”

Other artists (and GSMS clients) whose data is included in the breach include Nicki Minaj, Bruce Springsteen, Mary J. Blige, Ella Mai, Christina Aguilera and Mariah Carey, while companies that have been represented by GSMS in the past include Universal Music Group, Sony/ATV, Sony Corp, Facebook, Spotify and iHeartMedia.
