Cyber security: Growing problem
The Bar Council and northern law firm Ward Hadaway have become the latest in a lengthening list of legal victims of cyber-attacks.
They follow the likes of conveyancing giant Simplify [1], listed law firm Ince [2], leading criminal practice Tuckers [3] and 4 New Square [4] chambers as cyber-attacks become an ever-growing risk.
The General Council of the Bar comprises the representative Bar Council and regulator Bar Standards Board.
In a joint statement issued today, Bar Council chief executive Malcolm Cree and Bar Standards Board director general Mark Neale said: “The General Council of the Bar has suffered a malicious cyber-attack. Action was taken swiftly and required taking our IT systems offline in order to stop the attack and prevent any data loss.
“Our priority remains the protection of our IT systems and data from further attack. We do not believe any data has been lost. We are doing all that we can to fix the problem as soon as possible.”
They said emails and the MyBar portal were temporarily unavailable, while applications for authorisation to practise have been extended a month to 31 May, as have renewals of court ID cards, which were due to expire at the end of this month, with the agreement of HM Courts & Tribunals Service.
The statement continued: “We are working at pace with our cyber security partners to cleanse and restore all systems and services and extend security arrangements.
“The attack has been reported to the Information Commissioner’s Office, National Cyber Security Centre and the police. We apologise to anyone who has had difficulties in contacting our organisations during this time.”
Ward Hadaway yesterday obtained an injunction against ‘persons unknown’ in a bid to prevent confidential data being released online if it failed to pay a ransom.
A spokesman said: “Last month we successfully disrupted an attempted IT security incident involving temporary unauthorised access to part of our network. We immediately contained the incident, investigated alongside external forensic specialists and identified a limited impact on some of our data.
“We are liaising closely with clients who may have been affected and the relevant authorities, including the Solicitors Regulation Authority, Information Commissioner’s Office and law enforcement, about this criminal activity.
“Our file management system was not affected so this incident has not disrupted our day-to-day operations.”