Work in private practice? Take the RollOnFriday Best Law Firms to Work At 2023 survey

IT systems

Not sure IT has a handle on this


Following last week's news about Ince being hacked, further worrying details have emerged that staff also had their personal data compromised.

A source told RollOnFriday that the firm's Chief Executive, Adrian Biles, made an online announcement to staff about the personal data breach, revealing that sensitive staff information had been compromised by the cyber-attack including salary, bank accounts, addresses, and date of birth etc. 

The insider said at the time of Biles' announcement, the firm could not say which staff's data had been potentially exposed, but that any affected staff would be notified asap.

A spokesman for Ince told RollOnFriday: “Any employees personally affected by the recent cyber-attack have been privately notified and offered guidance on next steps to take.”

Cyber-attackers had targeted Ince on 13 March, and threatened to publish stolen data on the dark web if the firm did not pay a ransom, as RollOnFriday reported last week. On 1 April, the High Court granted the firm an injunction to block the use, publication or disclosure of any data taken from the firm's systems by the hackers. 

The personal data breach follows confirmation from Ince last week that there had been an IT disruption following the cyber-attack. RollOnFriday was told by a source that there were significant problems which included staff not being able to access certain emails and documents for three weeks, or record time or raise invoices. 

Clearly, this kind of cyber-attack could happen to any number of firms, and there is a bitter irony for Ince advising on cyber-security but still being hacked. Presumably the entire City will now be scrambling around to shore up their IT defences.

Tip Off ROF

Comments

Pete 14 April 22 09:50

Incidents like this impacting law firms is hardly a new thing.  It sounds to me like they are taking the incident seriously and doing all the right things.

The fact that Ince & Co have a cybersecurity practice does not make them any less vulnerable (any shortcomings in technical measures in place to prevent the incident from happening would not be down to them).

Unfortunately not 14 April 22 11:36

"Presumably the entire City will now be scrambling around to shore up their IT defences."

After high profile law firm hackings in the past few years (eg DLA Piper), I am not sure that spending on information security among law firms has increased significantly (although would be interested in any empirical evidence RoF could gather). 

I think it will take a client suing a high profile firm when the client's data is compromised to drive mass behaviour change (firm's insurers will presumably also start asking questions too). 

Anon 21 April 22 13:01

They clearly need to x2 the IT security team, create a whole new range of change requests , bigger change approval teams and let’s add some more BAs and PMs into the mix. Maybe get the department owner to personally sign off a user being able to perform right clicks on the start menu. 

Sound familiar anyone ?? 

Related News