Global Law Firm Breached & Data Stolen

Uploaded on 2023-11-12 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

International law firm Allen & Overy (A&O) has suffered a “data incident” and parts if its corporate network affected, as a consequence of an attack by the prolific LockBit ransomware group. 

The London-based legal firm has disclosed it “experienced a cyber security incident impacting a small number of storage servers” after social media posts claimed LockBit  hackers had accessed the company systems and were threatening to publish data from the firm’s files. 

“We have experienced a data incident impacting a small number of storage servers,” an A&O spokesperson said.
“Investigations to date have confirmed that data in our core systems, including our email and document management system, has not been affected,” AO said in a statement.  The company also said it “took immediate action to isolate and contain the incident” and that an outside cybersecurity advisor was brought in to help assess “exactly what data has been impacted.” 

Threat intelligence platform FalconFeeds.io first posted about the LockBit claim November 7th on TwitterX, along with a screenshot showing A&O listed on the group’s dark leak site. “LockBit #ransomware group had added Allen & Overy to their victim list. They claim to publish the data on November 28th, 2023,” the TwitterX post stated.

The firm continues to operate normally with limited disruption due to the containment procedures, A&O said. The company said it would be informing affected clients while forensic investigations and remediation takes place. “We appreciate that this is an important matter for our clients, and we take this very seriously. Keeping our clients’ data safe, secure, and confidential is an absolute priority,” the spokesperson said.

Law Firms Increasingly Targeted by Hackers

Britain's National Cyber Security Centre has issued a threat report to law firms earlier this  year identifying that law forms are increasingly targeted by hackers aiming to steal sensitive documents . Last year, the Solicitors Regulation Authority for England and Wales, warned law firms that their growing dependence on technology as a result of remote working  following the Covid lockdown had created "more opportunities for cybercriminals."

In comment, Gerasim Hovhannisyanthe CEO of data protection firm EasyDMARC said "...his recent attack on another law firm is illustrative of the growing cyber threat faced by legal institutions. As organisations trusted with such sensitive data, it is imperative that cyber security measures are treated as a top priority by those in charge."

Other law forms were also claimed on LockBit’s victim blog in recent weeks with many of them facing ransom deadlines to retrieve their data from the threat of publication on the Dark Web. 

FalconFeeds:     A&O:    Reuters:      Cybernews:       FNLondon:        Law.com:     NCSC

LegalCheek:     EM360:

You Might Also Read: 

Criminal Records Office Hit By A "Cyber Incident”:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Halting The Rise Of Ransomware
Attack On Chinese Bank Disrupts Financial Trading »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

SISA

SISA

SISA is a global forensics-driven cybersecurity solutions company, trusted by leading organizations for securing their businesses with robust preventive and corrective cybersecurity solutions.

Netrix

Netrix

Netrix is a Mexican company specialized in IT Security, with more than 18 years of experience in Managed Services, Professional Services and Turnkey Solutions related to Security.

ReliaQuest

ReliaQuest

ReliaQuest’s GreyMatter solution connects existing technology, people, and process – then equips security teams with unified, actionable insights across their entire environment.

Method Cyber Security

Method Cyber Security

Method offers a Cyber Security Risk Management training course for those responsible for the security of industrial automation, control and safety systems.

White Bullet

White Bullet

White Bullet’s risk profiling AI detects, dynamically scores and flags unsafe domains, apps and advertising.

Greenberg Traurig (GT)

Greenberg Traurig (GT)

Greenberg Traurig, LLP (GT) is a global law firm with offices in 40 locations in the United States, Latin America, Europe, Asia, and the Middle East.

Alias Robotics

Alias Robotics

Alias Robotics is a robot cyber security company. We deliver cyber security solutions for robots and robot components.

M2MD Technologies

M2MD Technologies

M2MD Technologies offers solutions optimized for cellular IoT that provide stronger security, reduced costs, enhanced user experience, and ultimately generates higher returns for stakeholders.

Cybersecurity Center for Secure Evolvable Energy Delivery Systems (SEEDS)

Cybersecurity Center for Secure Evolvable Energy Delivery Systems (SEEDS)

SEEDS conducts research and develops innovative cybersecurity technologies, tools, and methodologies that advance the energy sector’s ability to survive cyber incidents.

Secret Intelligence Service (SIS - MI6)

Secret Intelligence Service (SIS - MI6)

The UK’s Secret Intelligence Service, also known as MI6, has three core aims: stopping terrorism, disrupting the activity of hostile states, and giving the UK a cyber advantage.

Black Girls In Cyber (BGiC)

Black Girls In Cyber (BGiC)

Black Girls In Cyber's mission is to increase industry awareness and diversity in cybersecurity, privacy, and STEM for women of color.

Custard Technical Services

Custard Technical Services

Custard provide Network Security for all types of businesses across many industries, helping to keep them safe and secure.

PROVINTELL Cyber Security

PROVINTELL Cyber Security

PROVINTELL is a Managed Security Service Provider (MSSP) specialising in Next-Gen Cyber Defense and Response to detect and respond to threats.

Anch.AI

Anch.AI

Anch.AI is an Ethical AI Governance platform that helps you comply with EU regulations and avoid risks and penalties when developing and using AI as part of your business.

ScamAdvisor

ScamAdvisor

ScamAdviser helps over 3 million consumers every month to discover if a website is legitimate or a possible scam.

PayPal Ventures

PayPal Ventures

PayPal Ventures invests in companies at the forefront of innovation in fintech, payments, commerce enablement, artificial intelligence, blockchain and cryptocurrency, regulatory and cyber technology.