Global Law Firm Breached & Data Stolen

Uploaded on 2023-11-12 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

International law firm Allen & Overy (A&O) has suffered a “data incident” and parts if its corporate network affected, as a consequence of an attack by the prolific LockBit ransomware group. 

The London-based legal firm has disclosed it “experienced a cyber security incident impacting a small number of storage servers” after social media posts claimed LockBit  hackers had accessed the company systems and were threatening to publish data from the firm’s files. 

“We have experienced a data incident impacting a small number of storage servers,” an A&O spokesperson said.
“Investigations to date have confirmed that data in our core systems, including our email and document management system, has not been affected,” AO said in a statement.  The company also said it “took immediate action to isolate and contain the incident” and that an outside cybersecurity advisor was brought in to help assess “exactly what data has been impacted.” 

Threat intelligence platform FalconFeeds.io first posted about the LockBit claim November 7th on TwitterX, along with a screenshot showing A&O listed on the group’s dark leak site. “LockBit #ransomware group had added Allen & Overy to their victim list. They claim to publish the data on November 28th, 2023,” the TwitterX post stated.

The firm continues to operate normally with limited disruption due to the containment procedures, A&O said. The company said it would be informing affected clients while forensic investigations and remediation takes place. “We appreciate that this is an important matter for our clients, and we take this very seriously. Keeping our clients’ data safe, secure, and confidential is an absolute priority,” the spokesperson said.

Law Firms Increasingly Targeted by Hackers

Britain's National Cyber Security Centre has issued a threat report to law firms earlier this  year identifying that law forms are increasingly targeted by hackers aiming to steal sensitive documents . Last year, the Solicitors Regulation Authority for England and Wales, warned law firms that their growing dependence on technology as a result of remote working  following the Covid lockdown had created "more opportunities for cybercriminals."

In comment, Gerasim Hovhannisyanthe CEO of data protection firm EasyDMARC said "...his recent attack on another law firm is illustrative of the growing cyber threat faced by legal institutions. As organisations trusted with such sensitive data, it is imperative that cyber security measures are treated as a top priority by those in charge."

Other law forms were also claimed on LockBit’s victim blog in recent weeks with many of them facing ransom deadlines to retrieve their data from the threat of publication on the Dark Web. 

FalconFeeds:     A&O:    Reuters:      Cybernews:       FNLondon:        Law.com:     NCSC

LegalCheek:     EM360:

You Might Also Read: 

Criminal Records Office Hit By A "Cyber Incident”:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Halting The Rise Of Ransomware
Attack On Chinese Bank Disrupts Financial Trading »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Satisnet

Satisnet

Satisnet is a leading Security Reseller, Managed Security Services Provider (MSSP) and Cyber Training Innovator, with operations throughout the UK, EMEA and United States.

CyberArk Software

CyberArk Software

CyberArk is an established leader in privileged access management and offers the most complete set of Identity Security capabilities.

MNCERT/CC

MNCERT/CC

MNCERT/CC is the national Computer Emergency Response Team for Mongolia.

Kingsley Napley

Kingsley Napley

Cyber crime is an area of growing legal complexity. Our team of cyber crime lawyers have vast experience of the law in this area.

ConvergeOne

ConvergeOne

ConvergeOne is a leading global IT services provider of collaboration and technology solutions including cybersecurity.

IoT M2M Council (IMC)

IoT M2M Council (IMC)

The IMC is the largest and fastest-growing trade organisation in the IoT/M2M sector.

CyberSAFE Malaysia

CyberSAFE Malaysia

CyberSAFE Malaysia is an initiative to educate and enhance the awareness of the general public on the technological and social issues and risks facing internet users.

CyCraft Technology Corp

CyCraft Technology Corp

CyCraft is an AI company that forges the future of cybersecurity resilience through autonomous systems and human-AI collaboration.

Syber Technology

Syber Technology

Syber Technology is an IT project implementer empowering IT systems of Small to Medium Enterprises in the Middle East.

Lightspin

Lightspin

Lightspin is a contextual cloud security platform that continuously visualizes, detects, prioritized, and prevents any threat to your cloud stack.

SecureLayer7

SecureLayer7

SecureLayer7 is an international provider of integrated business information security solutions with an innovative approach to IT security.

Bfore.ai

Bfore.ai

Stop future attacks, today. Bfore.ai is an operational threat intelligence feed to add predictive technology to your security infrastructure.

Concourse Labs

Concourse Labs

Concourse Labs Security Guardrails continuously verify cloud infrastructure and workloads. Continuously assess clouds for security, resiliency, and regulatory compliance.

Apollo Information Systems

Apollo Information Systems

Apollo is a value-added reseller that provides our clients with the complete set of cybersecurity and networking services and solutions.

DigitalWell

DigitalWell

DigitalWell provide fully managed IT and communications solutions for a truly innovative end-to-end experience - for your customers and teams.

Point Wild

Point Wild

Point Wild is a holding company that acquires, integrates and manages a diverse portfolio of best-in-class cybersecurity brands for consumers and enterprises.