Magic circle firm Allen & Overy has confirmed it has been the victim of a cyber-attack affecting a ‘small number’ of storage servers.

In a statement, the firm said it was assessing exactly what data had been impacted as a matter of priority and informing clients who may be affected.

Investigations to date have confirmed that data in the firm’s core systems, including the email and document management system, has not been affected. The firm continues to operate normally with ‘some disruption’ arising from steps taken to contain the incident.

Detailed cyber forensic work is ongoing to investigate and remediate the incident.

‘We appreciate that this is an important matter for our clients, and we take this very seriously,’ said the firm. ‘Keeping our clients’ data safe, secure, and confidential is an absolute priority.’

Allen & Overy

Allen & Overy

Ransomware group LockBit has reportedly posted online that it hacked the law firm and planned to publish all available data later this month.

Earlier this year, the National Cyber Security Centre reported that law firms of all sizes were at risk from attack by cyber criminals. The sector was seen as a particular target because law firms routinely handle sensitive client information; disruption to routine business operations can be so costly;  and many legal practices rely on an external IT services provider. The importance of reputation to the business of law also made law firms attractive targets for extortion.

City firm Ince & Co suffered a cyber-attack in 2021 and despite securing an injunction to prevent the hackers publishing or communicating the stolen information, it later estimated the incident had cost the business £5m.

A major IT systems outage due to a security incident at conveyancing giant Simplify ended up costing the company nearly £7m.

The SRA has also highlighted the sector’s vulnerability and attractiveness to cyber criminals of a sector where large amounts of client money are held. In the first half of 2020, firms reported that nearly £2.5m of money was stolen by cybercriminals, more than three times the amount reported in the first half of 2019. Changes in working patterns – particularly the increase in remote working – has increased the risk since then.