A major IT systems failure that has paralysed some of the largest conveyancing practices in the UK should make firms stop and review their own response should the worst happen to them, a cyber law specialist has said.

Council for Licensed Conveyancers-regulated Simplify confirmed last week that a ‘security incident’ that caused a major systems outage affecting firms is the subject of an ‘ongoing criminal investigation’.

Premier Property Lawyers, JS Law, DC Law and Advantage Property Lawyers, which are part of the Simplify group, were hit.

The incident was ongoing as the Gazette went to press. Simplify said it notified the Information Commissioner’s Office and other relevant authorities at the earliest opportunity. Client money was secure and held on a separate system unaffected by the incident, it said.

Peter Wright

Wright: ‘Ask yourselves, what’s the worst that could happen and what would you do?

Source: Michael Cross

The CLC said the nature of the incident meant systems must be restored carefully to ensure security and protect clients.

‘The cautious approach needed will continue to shape the operations of the involved firms and will inevitably delay some transactions. At the moment, Simplify is unable to say when systems will be restored to a degree that would support a return to business as usual. The circumstances also mean that the firms cannot currently provide individual clients with rapid updates on the progress of transactions,’ the regulator said.

For those who have exchanged contracts, conveyancers will be able to complete the transaction. However, clients can move to a different conveyancer. Simplify told the CLC that clients affected by the outage who move conveyancer will not be charged for work already completed by Simplify. Once available, completed land searches can be transferred to the newly appointed conveyancer.

While Simplify continues to restore IT systems, solicitor Peter Wright, managing director of cyber law specialist Digital Law, said that firms should review their own systems.

Wright said: ‘Ask yourselves, what’s the worst that could happen and what would you do? What’s your response as a firm? What are you going to tell your affected data subjects?’ Firms should also have regular dialogue with suppliers about systems, including safety and security, and monitoring new threats, he added.