Langley Twigg Law Confirms Data Security Incident After Ransomware Attack

Langley Twigg Law, a New Zealand–based firm, has reported a data security incident following claims by a ransomware group that it infiltrated the firm’s internal network and exfiltrated sensitive information.

 

Langley Twigg Law is a law firm based in Hawke’s Bay, New Zealand, with offices in Napier and Havelock North, providing a broad range of legal services including property, commercial, rural, and estate law. The firm is a member of the Lawlink network and acts for individuals and businesses.

 

In a data security incident Notice posted on its website, Langley Twigg Law said that on 11 January, it became a victim of a data security incident where unauthorised threat actors infiltrated its internal network.

 

The law firm immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. It also took steps to contain the incident, including taking affected systems offline, and notified relevant authorities such as the Office of the Privacy Commissioner and the New Zealand Police.

 

“Our network was targeted by a sophisticated malicious attack using a new strain of a virus that was not recognised by anti-virus programs at the time. An update has since been deployed which recognises this new malware strain.

 

“Before our systems were restored using backup copies, these were thoroughly sanitised and measures taken to further bolster security,” the law firm said.

 

The firm’s investigation confirmed that the incident resulted from a malicious “third-party attack” and that some client data was copied from its file server. The firm is continuing to assess the incident to determine the full extent of the data that may have been accessed.

 

 

The data security incident notice follows claims by the Anubis ransomware group that it breached Langley Twigg Law’s internal network and listed the firm as a victim on its data leak site. The group has published sample data to support its claims, including confidential company documents, employee passport scans, and other personal information relating to the firm’s clients.