Global Law Firm Breached & Data Stolen

International law firm Allen & Overy (A&O) has suffered a “data incident” and parts if its corporate network affected, as a consequence of an attack by the prolific LockBit ransomware group. 

The London-based legal firm has disclosed it “experienced a cyber security incident impacting a small number of storage servers” after social media posts claimed LockBit  hackers had accessed the company systems and were threatening to publish data from the firm’s files. 

“We have experienced a data incident impacting a small number of storage servers,” an A&O spokesperson said.
“Investigations to date have confirmed that data in our core systems, including our email and document management system, has not been affected,” AO said in a statement.  The company also said it “took immediate action to isolate and contain the incident” and that an outside cybersecurity advisor was brought in to help assess “exactly what data has been impacted.” 

Threat intelligence platform FalconFeeds.io first posted about the LockBit claim November 7th on TwitterX, along with a screenshot showing A&O listed on the group’s dark leak site. “LockBit #ransomware group had added Allen & Overy to their victim list. They claim to publish the data on November 28th, 2023,” the TwitterX post stated.

The firm continues to operate normally with limited disruption due to the containment procedures, A&O said. The company said it would be informing affected clients while forensic investigations and remediation takes place. “We appreciate that this is an important matter for our clients, and we take this very seriously. Keeping our clients’ data safe, secure, and confidential is an absolute priority,” the spokesperson said.

Law Firms Increasingly Targeted by Hackers

Britain's National Cyber Security Centre has issued a threat report to law firms earlier this  year identifying that law forms are increasingly targeted by hackers aiming to steal sensitive documents . Last year, the Solicitors Regulation Authority for England and Wales, warned law firms that their growing dependence on technology as a result of remote working  following the Covid lockdown had created "more opportunities for cybercriminals."

In comment, Gerasim Hovhannisyanthe CEO of data protection firm EasyDMARC said "...his recent attack on another law firm is illustrative of the growing cyber threat faced by legal institutions. As organisations trusted with such sensitive data, it is imperative that cyber security measures are treated as a top priority by those in charge."

Other law forms were also claimed on LockBit’s victim blog in recent weeks with many of them facing ransom deadlines to retrieve their data from the threat of publication on the Dark Web. 

FalconFeeds:     A&O:    Reuters:      Cybernews:       FNLondon:        Law.com:     NCSC

LegalCheek:     EM360:

You Might Also Read: 

Criminal Records Office Hit By A "Cyber Incident”:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Halting The Rise Of Ransomware
Attack On Chinese Bank Disrupts Financial Trading »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NATO Cooperative Cyber Defence Centre (CCDCOE)

NATO Cooperative Cyber Defence Centre (CCDCOE)

NATO CCDCOE's mission is to enhance the capability, cooperation and information sharing among NATO, NATO nations and partners in cyber defence.

Quotium

Quotium

Quotium provides automated testing technologies to make business software applications secure and robust.

GovCERT.CZ

GovCERT.CZ

GovCERT.CZ is the Government Computer Emergency Response Team of the Czech Republic.

Kroll

Kroll

Kroll provides clients a way to build, protect and maximize value through our differentiated financial and risk advisory and intelligence.

SGCyberSecurity

SGCyberSecurity

SGCyberSecurity is Singapore's No.1 Cyber Security portal. From this platform, you will be able to find useful articles, resources and connect with the security companies for your business needs.

MaskTech

MaskTech

MaskTech supplies highest security embedded chipsets, operating systems and related middleware for electronic identification cards, travel documents and authentication solutions.

Centro de Gestion de Incidentes Informaticos (CGII)

Centro de Gestion de Incidentes Informaticos (CGII)

CGII is the Computer Incident Management Center of the State of Bolivia.

Hysolate

Hysolate

Hysolate has transformed the endpoint, making it the secure and productive environment it was meant to be.

Cyber Science

Cyber Science

Cyber Science is the flagship conference of C-MRiC, focusing on pioneering research and innovation in Cyber Situational Awareness, Social Media, Cyber Security and Cyber Incident Response.

Startupbootcamp Fintech & Cybersecurity

Startupbootcamp Fintech & Cybersecurity

Startupbootcamp is the world’s largest network of multi-corporate backed accelerators helping startups scale internationally.

Elemental Cyber Security

Elemental Cyber Security

Elemental is a game changing cyber security compliance automation and enforcement technology provider.

Wing Security

Wing Security

Wing fosters a stronger security culture by engaging SaaS end-users and enabling easy communication with security teams.

Traced

Traced

TRACED is changing the detection paradigm. Empowering defenders to go on the offense to engage cyber attackers before they compromise your organization.

Cisilion

Cisilion

Cisilion's mission is simple – to transform and connect business with next-generation IT infrastructure. Our expertise includes enterprise networking, security, data centre & cloud, managed services.

Lintu Solutions

Lintu Solutions

Lintu Solutions is a trusted provider of comprehensive cybersecurity and enterprise risk management solutions.

CyberSalus

CyberSalus

CyberSalus is a pioneering cyber tech services company dedicated to protecting the digital integrity of healthcare organizations.