Hackers have taken confidential data belonging to a network of law firms including Trowers & Hamlins and published it on the organisation's own website.

The sensitive information was taken from Interlaw, the umbrella name for an organisation of 82 firms which refer work to one another. Members use Interlaw to advertise themselves to clients as capable of offering a global service. One component of Interlaw is a database in which members enter details of inbound and outbound referrals of work.

This week pages from the referral database replaced pages of Interlaw's public-facing site. RollOnFriday was directed to sections relating to Wåhlin, a Swedish firm. Details including the names of its clients, the names of referring and referred firms and the value of the deals were visible. Readers were also able to edit, delete and even add their own entries, which a RollOnFriday reporter discovered after successfully changing a client's name to "mY MUM", adding "HI!!!" to another and filling in a new referral, before panicking and putting it all back.

Here's some of the exposed outbound referral data (redacted by RollOnFriday):


   

And here is some of the exposed inbound referral data (redacted and temporarily amended by RollOnFriday (temporarily)):


 
Interlaw discovered the breach when it was notified by RollOnFriday. A spokeswoman said, "We are aware that there has been unauthorised access to our online referral system which is hosted in the US, as a result of a security issue related to password protection. We took the immediate precautionary measure of closing down the system". She said, "we do not believe this to be a significant breach" but that Interlaw had "contacted the relevant regulatory authorities", including the police. "Our investigation currently indicates that the referral system has been entered illegally".
 
Interlaw is currently combing through logs of all the IP addresses which accessed the information, and RollOnFriday would like to once again state that its reporter was just mucking about, so please don't start extradition proceedings because he doesn't want to live in an embassy broom cupboard with Julian.

Comments

Anonymous 23 October 17 18:30

Sounds like an SQL injection attack to me... Typical law firm having a weak and ineffective IT department.