Exclusive: Firms' fury over misleading cyber security claims
26 January 2018
A cyber security company has apologised after its claims that the UK's biggest law firms have had sensitive data exposed sparked misleading news stories and a furious response from the firms.
In "Securing the Law Firm: Dark Web footprint analysis of 500 UK legal firms", RepKnight claimed that one million email addresses and credentials relating to the firms had been circulated online, 80% of which came with a password. Its report named virtually every major UK firm as having featured in its 'study'.
RepKnight's explosive claims went around the world, with dozens of outlets hastily reproducing the company's findings and naming the firms on the list as hacking victims. But it has subsequently emerged that the report was not entirely scholarly. Clues that the report was actually a marketing ploy included the email address the company gave for contact: sales@repknight.
Its apparent attempt to drum up business by scaring or embarrassing the top 500 firms in the UK into buying the full report and its services did not go entirely to plan. RollOnFriday has learned that a number of the listed firms complained to RepKnight. Some were contacted by worried clients who panicked after reading about the report. As a result of the backlash, RepKnight has now deleted the annex listing the firms. It has also added a FAQ section which clarifies that "as far as we know none of these law firms has been hacked". It notes that the "vast majority of credentials" in the report "originated from breaches of unconnected third-party websites", like LinkedIn.
Step 1. Imply firms have been hacked.
Step 2. ????
Step 3. PROFIT!!!
A spokeswoman for Hogan Lovells told RollOnFriday "our data hasn't been breached", though the report "certainly attempts to give a different perspective". She said RepKnight's report was a "marketing exercise" which was not based on facts and does "little to allay concerns, but rather fuel[s] them for publicity's sake which is misleading and frustrating for the legal industry and those it serves".
A Watson Farley & Williams spokesman also dismissed the report as "nothing more than a sales exercise".
He said that RepKnight had confirmed that it had "seen no evidence that WFW’s network has been breached".
Gavin Tyler, managing partner of Tunbridge Wells firm Cripps, said "we have been contacted twice by RepKnight recently seeking to engage with us. This may suggest that the whitepaper is a marketing exercise. On neither occasion did they suggest our cybersecurity had been compromised".
A spokesman for RepKnight told RollOnFriday, "a few firms seem to be getting upset that clients have called them up and asked 'has my data been breached?'" He said, "We’ve already apologised if this has caused additional workload - that wasn’t the intention". And that, "far from trying to cause unnecessary alarm, we are trying to raise awareness".
Which he has achieved, albeit alienating 500 potential clients in the process. RepKnight's full statement to RollOnFriday can be read here