"Now for the next slide on Cyber-securi-"

The Ince Group has obtained an injunction to protect its confidential data after it was hit by a ransomware attack.

Cyber-attackers targeted Ince on 13 March, and threatened to publish stolen data on the dark web if the firm did not pay a ransom. On 1 April, the High Court granted the firm an injunction to block the use, publication or disclosure of any data taken from the firm's systems by the hackers. 

A spokesman for the Ince Group told RollOnFriday that the injunction means that if the hackers publish the data "they may be held in contempt of court and imprisoned, fined or have their assets seized."

It is an illustration of the vulnerability of major law firms to this sort of attack, which is something lawyers working for these firms should be aware of. Ince advises on cyber security, but has now found itself to be a victim. The firm highlights its expertise on its website, and offers clients a "Cyber Security Assessment" to identify any existing vulnerabilities in their networks.

Ince Cyber e

Notably, this case.

Ince's IT systems were disrupted following the cyber-attack. RollOnFriday was told by a source that staff had problems with their emails for three weeks, which had affected their ability to access certain emails and documents. Ince staff couldn't record time or raise invoices, either, said an insider. And there was no wifi in the office, so everyone had to WFH or, if they were in the office, to use "hotspotting off their phones".

The firm did not verify the extent of the IT issues, but did confirm there had been problems due to the cyber-attack. A spokesman said: “Whilst we have been experiencing some IT disruption as a result of this incident, where possible we’ve put work arounds in place to ensure client servicing can continue as normal; albeit, in some cases, with slight delays.”

It is not known who is behind the attack at this stage. But Ince is not the only firm that has been hit by hackers. A criminal law firm was recently fined after it failed to secure sensitive court files which were posted on the dark web.

In 2017, a cyber gang crippled DLA Piper's communication network for over two days. The hackers asked the firm to pay an unspecified wedge of bitcoin, but RollOnFriday understands that the firm refused to cough up. In 2020 a ransomware gang claimed that it was auctioning a media law firm's celebrity client files. Other hackers have merely forced law firms to sell diet pills, advertise busty brides and flog Viagra.

Tip Off ROF


Anonymous 08 April 22 08:42

Sorry to ruin the illusion Ince, but if these guys are able to waltz through your security, they can almost certainly publish online without getting caught. 

If I was a client at Ince, I’d be furious. Confidential client information may well end up online because of this. 

Paul Roberts 08 April 22 09:09

Will hackers who are engaging in illegal activity and able to remain anonymous pay any attention to an injunction?

Zyzz 08 April 22 10:14

am i missing something?  why would an injunction against anonymous hackers be in any way effective? 

*images of criminal hackers swooning and clutching their pearls*

HKKiwi 08 April 22 11:15

Ah yes, the injunction against cybercriminals threatening to release data onto the dark web.  Useful for nothing but generating fees, which in this case presumably won't exist as the firm is its own client.

Anonymous 08 April 22 11:52

The injunction only has utility when the hackers inevitably are caught. Contempt of court will weigh a lot heavier than the inevitable defence about the poor, poor client was just suffering from autism. These hackers probably operate internationally, so when they are caught, they will probably also sent to the US.

Anonymous 08 April 22 12:11

Of course, a law firm has to be seen to be doing something ‘legal’. I may be helpful later down the line if another side tries to use that information in a deal /transaction. 

Also, they won’t be doing the incident response themselves. They will paying another firm to deal with it. 

Anonymous 08 April 22 15:12

Worth noting that whilst this may have been a targeted attack it was more likely someone accidentally downloading malware.

Another reminder that everyone has a part to play in information security, the moment you think someone else is dealing with it is the moment you've lost.

Anon 08 April 22 15:19

The injunction is to show their clients the firm takes it seriously, given it’s the clients’ information.   It’s otherwise meaningless unless it can be enforced against individuals but if they were known the police would arrest them anyway.     It may possibly show other potential hackers that the firm won’t pay ransom monies as well, which they hope will deter future attacks.  


Hhmmm 08 April 22 18:47

They switched off the servers of the French part of Ince when the French told Gordon Dadds where to go, and in doing so destroyed all of the French firm's data. 

Karma's a bitch. That same French firm is now throwing off several times more profit than aimless Ince. Go figure. 

Guess what 13 April 22 12:03

Heh @ Lawyers offering "information security" solutions for clients.

1. "Here's a policy"

2. We recommend you should get someone to train your staff. No, we don't have any suggestions.

3. We understand that there are loads of tools/service providers out there to test penetration of your systems and how likely your staff are to click malware e-mails; You should find and incorporate them into your infosec systems. No, we don't have any suggestions.

4. You've been hacked? Oh dear. We can tell you the regulators you need to notify, the wording of notifications to your customers and what you should tell employees about their personal data making its way onto the dark web. 

5. Actual forensic investigation of how/when they got in, is the malware still there, what data they looked at vs what they actually took...? Nope.

6. After step 4, we also suggest you instruct us to take out an ex parte injunction against persons unknown to demonstrate to your insurers that you've done 'absolutely everything' you could to try and mitigate your loss. 

7. What do you mean "What do I do now"? Actually, on second thoughts ... here's a new policy. 


Wizz 22 April 22 21:35

Just received a letter from Ince regarding the cyber attack. Absolutely furious right now as I'm no longer employed with the company and I'm not sure how they archive your details but all my personal info has been compromised

Wizz 27 April 22 09:57

Cannot understand why the Law Gazette has chosen not to publish this article, yet in big headlines today it reads, Ward Hadaway blackmailed after cyber attack! Is there is selection process as to why they neglected to publish Ince Group cyber attack, or am I missing something! Just a thought

Related News