Legal Business Blogs

‘Sector needs to take this seriously’: cyber-attack on offshore firm Appleby sees data on brink of entering public domain

The growing threat of cyber-attacks shows no sign of abating, with news that global offshore firm Appleby was the victim of a data breach last year.

In a statement on the firm’s website posted yesterday (24 October), Appleby conceded that a ‘data security incident’ took place in 2016.

The statement read: ‘It is true that we are not infallible. Where we find that mistakes have happened we act quickly to put things right and we make the necessary notifications to the relevant authorities.’

Media reports have suggested that clients of the Bermuda-based firm, many of which are high-net worth individuals, could see their data leaked to the press in the coming days.

Appleby acknowledged in the statement that it had received enquiries from the International Consortium of Investigative Journalists (ICIJ) regarding the data leak.

The ICIJ had famously published the Panama Papers in 2016, a set of 11.5 million leaked documents containing client information of over 214,488 offshore entities. The papers explored links between offshore business and illegal practices such as fraud and tax evasion.

‘We take any allegation of wrongdoing, implicit or otherwise, extremely seriously. Appleby operates in highly regulated jurisdictions and like all professional organisations in our regions, we are subject to frequent regulatory checks and we are committed to achieving the high standards set by our regulators’, the firm said.

One cyber security specialist told Legal Business: ‘The legal sector needs to take this seriously. It’s only just waking up to it now. These breaches are happening all the time at the moment, four or five big ones a month.’

The expert noted that a response strategy is key in these situations. ‘Make sure you are ready to respond. This was a breach that happened last year. You need to be ready for when these things happen and know what you are going to say and do.’

Appleby added in its statement: ‘We are committed to protecting our clients’ data and we have reviewed our cyber security and data access arrangements following a data security incident last year which involved some of our data being compromised. These arrangements were reviewed and tested by a leading IT forensics team and we are confident that our data integrity is secure.’

The group also drew up a ‘containment and remediation summary’, which details the remedial measures taken by the firm following the breach, which included appointing a head of information security in March 2017 to oversee security across the group.

Appleby has ten offices spanning Bermuda, the British Virgin Islands, the Cayman Islands, Guernsey, Hong Kong, Isle of Man, Jersey, Mauritius, Seychelles and Shanghai.

In June, DLA Piper became collateral damage following a cyber-attack on one of its software suppliers in the most high-profile incident involving a law firm to date.