Top-100 firm Ward Hadaway was blackmailed for up to $6m (£4.75m) in bitcoin after confidential documents were obtained in a cyber attack, the High Court heard today.

The firm detected a cyber attack last month and was told by an unidentified hacker that files and data downloaded from its IT systems would be published online if $3m was not paid within a week, after which the ransom would double to $6m.

The hacker also sent Ward Hadaway a list of data and files which had been copied in the attack – some of which have been uploaded to the web in an encrypted form.

Ward Hadaway was today granted an injunction against ‘person or persons unknown responsible for engaging in a cyber attack on the [firm] … and/or who is threatening to release the information thereby obtained’, preventing the use or publication of the stolen data.

Mr Justice Johnson, who granted the injunction, said Ward Hadaway’s IT systems ‘hold a great deal of confidential information including personal data, some of which is sensitive personal data’.

‘The work that the claimant does includes acting for defendants in claims for damages for clinical negligence and in cases before the Court of Protection,’ the judge said. ‘Consequently, the documents it holds on its IT systems will or may include medical reports.’

Johnson said that, on 9 March, Ward Hadaway’s cyber defence system ‘triggered an alert [which] indicated that a cyber attack may be in progress’. The following day, the apparent hacker sent an email to members of the firm’s staff saying that ‘confidential data held by the claimant had been downloaded … and would be published unless a ransom was paid’, the judge added.

He held that Ward Hadaway has ‘a strong underlying cause of action against the defendant for breach of confidence’, saying the evidence showed its IT systems were ‘unlawfully accessed in breach of the Computer Misuse Act’.

‘There is, of course, a risk that the injunction will not be effective,’ Johnson concluded. ‘There is a risk that the defendant will be able to hide behind the anonymity that it has successfully managed to maintain and that it will continue to act unlawfully behind the protection of technological systems designed to enable it to secure a ransom payable in bitcoin without disclosing its identity.

‘It is, however, far from certain that the defendant will be able to do that. There is at least the prospect that injunctive relief will result in a cessation of the defendant’s unlawful activity and, in any event, it may be that the grant of relief will assist the claimant in protecting its confidential information.’

A spokesperson for Ward Hadaway said: ‘Last month we successfully disrupted an attempted IT security incident involving temporary unauthorised access to part of our network. We immediately contained the incident, investigated alongside external forensic specialists and identified a limited impact on some of our data.

‘We are liaising closely with clients who may have been affected and the relevant authorities, including the Solicitors Regulation Authority, Information Commissioner’s Office and law enforcement, about this criminal activity. Our file management system was not affected so this incident has not disrupted our day-to-day operations.’