Cyber Attack Strikes At The Heart Of The Legal Profession

Cyber Attack Strikes At The Heart Of The Legal Profession

Many organisations worldwide have found themselves subjected to damaging and dangerous cyber attacks and the legal profession has not been immune from this growing trend. Many hundreds of law firms have found themselves targeted by these attacks. By way of example, the most recent high-profile case appears to have been when information supposedly held in a secure manner by criminal law firm Tuckers Solicitors inexplicably ended up in the public domain on what is colloquially known as the dark web. An example of the information contained in this leaked data was confidential documents which were contained in electronic court bundles. On assessing the evidence the Information Commission imposed a fine in the amount of just shy of £100,000. This was to take into account the seriousness of the data protection breaches. The Commissioner’s Office stated that the reason for this substantial fine was that the firm had fallen short of the required standards. After all, it had not secured the data adequately.

However, this has not been an isolated incident and appears to be part of a growing trend of cyber security incidents which appear to be blighting the legal profession at this moment in time. News of one such very serious incident reared its ugly head on Wednesday 27th April 2022 when headlines emerged of a cyber-attack that had been launched targeting the entire legal profession.

A concerning statement was released on the Bar Council’s website headlined ‘Update on our current technical difficulties’ and published by Chief Executive Malcolm Cree and Director General Mark Nealeconfirmed that the Council had been the subject of a cyber-attack. It issued a very genuine, sincere, and heartfelt apology to all parties who have had the misfortune to be affected by this incident.

What Did The Bar Council Do To Mitigate the Risks From The Fallout?

Mr. Cree and Mr. Neale explained in the statement that the Bar Council had gone into damage limitation mode. It had taken decisive action and quickly arrived at the difficult decision to do all it reasonably could to limit any further damage from the attack and stem the flow of lost precious data. It acted to suspend the website and recognised that it needed to take the website offline.

How Did The Bar Council Reassure The Profession and The Wider Public That It Had The Situation Under Control?

The IT bodies at the Bar Council presumably had carried out some form of initial investigation and stated their reasonable belief that data had not been lost from its server. It sought to reassure affected and concerned parties that it was straining every sinew to repair the issue as soon as it possibly could.

What Impact Has The Cyber Attack Had?

Early indications show that the cyber security incident has had a significant impact on the following areas of the Bar Council:

  • Internal stakeholders have found it impossible to access the email system
  • the Council has a system known colloquially as ‘MyBar’. As a direct result of the incident affected parties who regularly use this system has been left seemingly frustrated by not being able to access it
  • there have also been issues relating to key stakeholder ID and important Authorisation to Practice cards.

What Are The Bar Council Doing To Resolve the Situation?

By way of damage limitation, the Bar Council said in its statement that it is working in close collaboration with cyber security agencies such as the National Cyber Security Centre, the law enforcement authorities such as the police, and the Information Commissioner’s Office to decontaminate the system and reinstate it to its pre-cyber-attack state.

The Legists Content Team

ASSESSING FIRMS

#BakerMcKenzieLLP #DLAPiperLLP #HoganLovells #HuntonAndrewsKurthLLP #Morrison&FoesterLLP #Orrick,Herrington&Sutcliffe #VenableLLP #Baker&HoestlerLLP #CooleyLLP #Covington&BurlingtonLLP #DechertLLP

THE ARTICLE WAS WRITTEN USING THE FOLLOWING SOURCES

[1] Bar Council – Update on our current technical difficulties – 27 April 2022 - Update on our current technical difficulties (barcouncil.org.uk)

[2] Rose, Neil – Bar Council and Ward Hadaway become latest cyber-attack victims – 27 April 2022 – Legal Futures - Bar Council and Ward Hadaway become latest cyber-attack victims - Legal Futures

[3] Rose, Neil – Top criminal law firm fined £98,000 for cyber-security “negligence” – 10 March 2022 – Legal Futures - Top criminal law firm fined £98,000 for cyber-security "negligence" - Legal Futures

[4] Rose, Neil – Conveyancing giant told to improve communication after cyber-attack – Legal Futures - Conveyancing giant told to improve communication after cyber-attack - Legal Futures

[5] Hilborne, Nick – Chambers obtains final injunction after cyber-attack – Legal Futures - 16 September 2021 - Chambers obtains final injunction after cyber-attack - Legal Futures

[6] Rose, Neil – Ince Group granted the injunction after a ransomware attack – Legal Futures - 5 April 2022 - Ince Group granted the injunction after a ransomware attack - Legal Futures

[7] Ince Group Plc and Person(s) Unknown [2022] EWHC 808 (QB) Case Number-2022-001053 - The Ince Group Plc v Person(s) Unknown [2022] EWHC 808 (QB) (01 April 2022) (bailii.org)

[8] Cross, Michael – Bar Left Reeling from malicious cyber-attack – Law Society Gazette - 27 April 2022 - Bar left reeling from malicious cyber-attack | News | Law Gazette

banner

Articles

Stay Tuned

Receive regular news, updates, upcoming events and more...