LockBit Cybercriminals Target Allen & Overy in New Data Breach


International law firm Allen & Overy (A&O) confirmed on November 8, 2023, that it had experienced a data incident. The confirmation followed social media posts by @FalconFeedsio, a self-described threat intelligence platform for cybersecurity, suggesting that the cybercriminal group LockBit had targeted the firm and threatened to release “all available data”. The incident raises concerns about data security and the cyber threats faced by even the most prominent global organizations.

The Data Incident by LockBit

A&O acknowledged the data incident but assured that it had not affected its core systems, including email and document management. The incident was primarily isolated to a small number of storage servers, preventing more widespread disruption within the firm. However, there were disruptions arising from containment efforts undertaken by the firm in response to the situation.

The firm’s spokesperson stated,

“Our technical response team, working alongside an independent cybersecurity adviser, took immediate action to isolate and contain the incident. Detailed cyber forensic work continues to investigate and remediate the incident.”

Understanding LockBit Group

LockBit is a notorious ransomware group known for its audacious attacks on high-profile targets. In June, GCHQ’s National Cyber Security Centre (NCSC) issued a joint advisory with international agencies, indicating that LockBit was “almost certainly the most deployed ransomware strain in the UK.” The advisory further noted that LockBit posed the highest ransomware threat to UK organizations.

LockBit has made headlines in the past for its audacious attacks. It targeted Royal Mail with a ransomware attack in January, and when Royal Mail refused to pay a ransom demand, LockBit leaked the company’s data in February. The group also claimed responsibility for a cyberattack on aerospace giant Boeing in late October.

Data Breaches in the Legal Sector

The Solicitors Regulation Authority (SRA) issued a risk outlook report in June 2022, highlighting the increasing threats of cybercrime and the need for law firms to strengthen their information security measures. With growing reliance on IT systems, exacerbated by the COVID-19 pandemic, the legal sector faces new vulnerabilities that can be exploited by cybercriminals.

A&O is not the first major law firm to experience a data breach. In 2017, DLA Piper faced a cyberattack that led to a temporary shutdown. Other firms, including Kirkland & Ellis, K&L Gates, and Proskauer Rose, have also had their names listed on ransomware groups’ leak sites, indicating potential data breaches.

BCLP (Bryan Cave Leighton Paisner) discovered that it had been hacked in February, exposing the personal data of over 50,000 current and former employees of client Mondelēz International. A class-action lawsuit was filed against BCLP in response.

The data incident at Allen & Overy, with the looming threat from the LockBit group, underscores the critical need for law firms and other organizations to enhance their cybersecurity measures. The legal sector, like other industries, must remain vigilant against cyber threats and prioritize data security to protect their clients and uphold the trust placed in them. As data breaches continue to be a growing concern, the legal community must adapt to the evolving challenges of the digital age.
