A cybersecurity incident at a leading claimant firm could be the latest example of a concerted wave of attacks on law firms and chambers, cybersecurity experts have said.
Callers to Cardiff-based NewLaw were this week greeted with a message saying that NewLaw Legal Limited and NewLaw Scotland LLP ‘were the victim of a cybersecurity incident’ which ‘unfortunately impacted our ability to provide a normal service to clients’. While the firm is ‘able to manually progress many cases, please bear with us as many systems remain offline’, callers are told.
The firm did not respond to the Gazette’s request for an update. A notice on its website states: ‘We’re making great progress getting some of our systems safely and securely back up and running.’ However Damian Cleary, a solicitor and cybersecurity expert, told the Gazette that in such cases systems are typically compromised, with details sold on the ‘dark web’, some 12-18 months before an actual ‘ransomware’ attack.
Research on the dark web by security consultancy One Brightly Cyber has found evidence of a ‘targeted campaign’ against law firms and chambers in London. A spate of breaches date from 22 May 2024: one magic circle firm had 41 breaches of username and password on that day. London set Brick Court Chambers last month confirmed that it had been the victim of a cyber-attack.
The 2024 Professional Services Threat Landscape report by Trustwave this week warned that professional services firms ‘often become targets for nation-state threat actors.’