Global Law Firm Breached & Data Stolen
International law firm Allen & Overy (A&O) has suffered a “data incident” and parts if its corporate network affected, as a consequence of an attack by the prolific LockBit ransomware group.
The London-based legal firm has disclosed it “experienced a cyber security incident impacting a small number of storage servers” after social media posts claimed LockBit hackers had accessed the company systems and were threatening to publish data from the firm’s files.
“We have experienced a data incident impacting a small number of storage servers,” an A&O spokesperson said.
“Investigations to date have confirmed that data in our core systems, including our email and document management system, has not been affected,” AO said in a statement. The company also said it “took immediate action to isolate and contain the incident” and that an outside cybersecurity advisor was brought in to help assess “exactly what data has been impacted.”
Threat intelligence platform FalconFeeds.io first posted about the LockBit claim November 7th on TwitterX, along with a screenshot showing A&O listed on the group’s dark leak site. “LockBit #ransomware group had added Allen & Overy to their victim list. They claim to publish the data on November 28th, 2023,” the TwitterX post stated.
The firm continues to operate normally with limited disruption due to the containment procedures, A&O said. The company said it would be informing affected clients while forensic investigations and remediation takes place. “We appreciate that this is an important matter for our clients, and we take this very seriously. Keeping our clients’ data safe, secure, and confidential is an absolute priority,” the spokesperson said.
Law Firms Increasingly Targeted by Hackers
Britain's National Cyber Security Centre has issued a threat report to law firms earlier this year identifying that law forms are increasingly targeted by hackers aiming to steal sensitive documents . Last year, the Solicitors Regulation Authority for England and Wales, warned law firms that their growing dependence on technology as a result of remote working following the Covid lockdown had created "more opportunities for cybercriminals."
In comment, Gerasim Hovhannisyan, the CEO of data protection firm EasyDMARC said "...his recent attack on another law firm is illustrative of the growing cyber threat faced by legal institutions. As organisations trusted with such sensitive data, it is imperative that cyber security measures are treated as a top priority by those in charge."
Other law forms were also claimed on LockBit’s victim blog in recent weeks with many of them facing ransom deadlines to retrieve their data from the threat of publication on the Dark Web.
FalconFeeds: A&O: Reuters: Cybernews: FNLondon: Law.com: NCSC:
LegalCheek: EM360:
You Might Also Read:
Criminal Records Office Hit By A "Cyber Incident”:
___________________________________________________________________________________________
If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible