Allen & Overy (A&O), one of London’s prestigious “magic circle” law firms, has become the latest corporate entity to fall victim to a cyber attack, underscoring the growing threat of ransomware hacks targeting major organizations.
A&O officially confirmed the incident, stating, “We have experienced a cyber security incident impacting a small number of storage servers.” This acknowledgment came after claims on the social media platform X suggested that the hacking group LockBit had breached the legal giant’s systems and threatened to release the firm’s data on November 28.
While the firm confirmed the attack, it did not pinpoint the specific hacking group responsible. A&O released a statement, saying, “Investigations to date have confirmed that data in our core systems, including our email and document management system, has not been affected. As a matter of priority, we are assessing exactly what data has been impacted, and we are informing affected clients.”
The UK’s National Cyber Security Centre has previously warned that law firms make attractive targets for cyber attackers due to the wealth of sensitive information they possess, covering companies from various sectors and regions. Typically, cybercriminals deploy ransomware that disables access to computer systems, followed by demands for payment or threats to disclose private data and communications.
LockBit, the hacking group in question, has targeted various entities in the past, including Royal Mail, which fell victim to a ransomware attack earlier this year. The group threatened to publish or block access to Royal Mail’s data unless they received a payment. At that time, LockBit claimed to have targeted 40 organizations in just one month, from a private school in Malaysia to a dental group in Sydney.
A&O is not the first law firm to face such an attack, as DLA Piper experienced a major breach by Petya ransomware in 2017. Recently, several law firms, including Kirkland & Ellis, reportedly fell victim to ransomware attacks.
A&O took immediate action in response to the cyber attack. Their technical response team, working alongside an independent cyber security adviser, acted swiftly to isolate and contain the incident. The firm emphasized the significance of this issue to their clients, stating, “We appreciate that this is an important matter for our clients, and we take this very seriously. Keeping our clients’ data safe, secure, and confidential is an absolute priority.”
Despite the disruption caused by the containment measures, A&O assured that they continue to operate normally. This incident comes shortly after A&O’s partners voted to merge with the US law firm Shearman & Sterling, with the aim of creating a 4,000-lawyer firm by May 2024.
