Tuckers – Cyber/Ransomware attack

August 31, 2020

Update posted 19 October 2020i

Further to our post of 31 August 2020, we have now been updated by the City of London police to the effect that 100% of the data that was extracted from our systems has been uploaded to the website (on the dark web) of the criminal cyber hacking group that extracted client data from part of our server infrastructure. On the one hand, we are pleased to have discovered that data relating to only about 60 clients (out of the potential to having taken records pertaining to more like 60,000 clients) was extracted from our systems. We are increasing our efforts to try and contact relevant individuals directly – but where the material was particularly old, it may not be easily possible to contact relevant people.

If you are a former client of Tuckers Solicitors and you are concerned that any part of your data has been subject to this breach of privacy as a result of this criminal ransomware attack, then please contact Adam Makepeace, Data Protection Officer, Tuckers Solicitors LLP, 39 Warren Street, London, W1T 6AF. Alternatively telephone on 020 7388 8333 or email to makepeacea@tuckerssolicitors.com

Original post published on 31 August 2020

On Sunday 23 August 2020, Tuckers were victim to a significant cyber attack, by an organised criminal group that have previously targeted many small, medium and large companies from around the world, as well as public authorities.  Fortunately, the CaseRatio case and practice management environment developed and maintained by our in-house IT team was resilient to the attack, which means that we have been able to operate largely unaffected.   

The most significant disruption to our systems resulted from the impact to our Microsoft Exchange server, meaning that we lost emails for two days, but those systems are now restored as well. 

The attack has been reported to the National Cyber Crime Unit, the Information Commissioner and the Solicitors Regulation Authority and we are cooperating with all relevant authorities with regards the impact of this attack.  Whilst our live file data has not been compromised, a file server containing predominately archived file data was attacked and we know that some data has been removed from our systems.  It appears that the group responsible have a history of publishing some or all of the stolen data online, in the absence of a significant ransom payment.

Unfortunately for our attackers, targeting a criminal defence firm, with income predominantly from the legal aid sector with a view to extorting money, is something of a fool’s errand.  We have not engaged in any way with the attackers with regards the extent of any ransom that they are seeking – however, we have been advised that this group often values the data it extracts from its victims at between £1m and £10m.  We are not minded to negotiate with a group that have committed a criminal offence to obtain our data, and in any event given we cannot afford to pay any such ransom, we are working on other avenues to mitigate the loss of any data and impact on any individuals – on the basis of advice received by the appropriate authorities.  

 We are monitoring the situation and if we believe any particular individual is affected as a result of this cyber attack, we will seek to contact them directly.