Allen & Overy data hit by hackers in ransomware attack

Allen & Overy, the “magic circle” law firm, has suffered a cyber attack on its systems, making it the latest big corporate to fall victim to a ransomware hack.

A&O confirmed it had “experienced a cyber security incident impacting a small number of storage servers”, after posts on social media platform X on Wednesday claimed the hacking group LockBit had attacked the legal giant and threatened to publish data from the firm’s files on November 28.

The firm did not identify which hacking group may be responsible.

“Investigations to date have confirmed that data in our core systems, including our email and document management system, has not been affected,” A&O said on Thursday. “As a matter of priority, we are assessing exactly what data has been impacted, and we are informing affected clients.”

The UK’s National Cyber Security Centre has warned that law firms present an attractive target for hackers due to the wealth of information they hold on companies across most sectors and regions. Hackers such as LockBit target companies and governments with ransomware that disables access to computer systems. Groups then often demand payments or threaten to release private data and communications.

Royal Mail suffered a ransomware attack by LockBit in January, one of the group’s most high-profile targets. The criminal gang threatened to publish or block access to Royal Mail’s data unless it received a payment from the postal service. At the time, LockBit claimed it had hacked 40 organisations in a month, from a private school in Malaysia to a dental group in Sydney.

A number of law firms have been targeted by hackers over the years, including a major attack on DLA Piper in 2017 by Petya ransomware. A group of law firms including Kirkland & Ellis were reportedly hit by a ransomware group earlier this year.

“Our technical response team, working alongside an independent cyber security adviser, took immediate action to isolate and contain the incident,” A&O said. “We appreciate that this is an important matter for our clients, and we take this very seriously. Keeping our clients’ data safe, secure, and confidential is an absolute priority. 

“The firm continues to operate normally with some disruption arising from steps taken to contain the incident,” it added.

A&O is one of London’s so-called magic circle elite law firms, along with Clifford Chance, Freshfields Bruckhaus Deringer, Linklaters, and Slaughter and May. A&O’s partners last month voted to merge with US law firm Shearman & Sterling to create a 4,000-lawyer firm by May 2024.