LONDON (Reuters) -Allen & Overy has suffered a “data incident”, the London-founded law firm said on Thursday, after social media posts suggested it had been hacked by the Lockbit cybercrime gang.
The attack, first reported by the Financial Times, comes after seven countries, including the United States and Britain, in June named Lockbit as the world’s top ransomware threat.
An Allen & Overy spokesperson said the firm had “experienced a data incident impacting a small number of storage servers”, but its email and document management system had not been affected.
The spokesperson also said Allen & Overy has suffered “some disruption”, but that it continued to operate normally.
“As a matter of priority, we are assessing exactly what data has been impacted, and we are informing affected clients,” the spokesperson added.
“We appreciate that this is an important matter for our clients and we take this very seriously.”
Lockbit took credit for the hack and gave a deadline of Nov. 28 for Allen & Overy to negotiate, according to the criminal group’s website on the dark web.
Allen & Overy’s spokesperson declined to give any further details about the incident.
Lockbit has already this year claimed to have hacked a number of high-profile companies, including aerospace giant Boeing and Britain’s Royal Mail.
In June, Britain and France’s cyber watchdog agencies warned that hackers are increasingly targeting law firms in an attempt to steal data that could tip the balance in legal cases.
Last year, the Solicitors Regulation Authority – which regulates solicitors in England and Wales – also warned that law firms’ growing dependence on IT following the coronavirus lockdown had created “more opportunities for cybercriminals”.
The cyber attack on Allen & Overy follows last month’s confirmation of its merger with U.S. law firm Shearman & Sterling, to create one of the world’s largest legal practices.
(Reporting by Sam Tobin; additional reporting by James Pearson; editing by Sarah Young and Tomasz Janowski)
