Law firm fined £98,000 after data breach

Tuckers Solicitors has been fined £98,000 as a result of their ‘failure to implement appropriate technical and organisation measures’ which led to a personal data breach. The firm was subject to an extensive ransomware attack which resulted 972,191 files being stolen and later published on the dark net.

A large number of the stolen files were taken from court bundles. These bundles related to both criminal and civil proceedings and contained vast amounts of personal data including witness statements and medical files. The Information Commissioner’s Office (ICO) have reported that the hacker infiltrated an app used by the firm’s employees to create their own account and gain access to the firm’s network.

The ICO found that, despite the primary culpability for the breach resting with the attacker, Tucker’s had left a ‘weakness to exploit’ by failing to put in place sufficient cybersecurity measures in line with GDPR requirements, including regular cybersecurity training for employees. The watchdog outlined that relatively cheap preventative measures, such as multi-factor authentication for remote access and regular training would have made it significantly more difficult for the attackers to enter the network and steal the documents.

Regulatory Hosting

Laven offers a UK regulatory hosting platform which provides clients with the opportunity to conduct regulated activities as an Appointed Representative (AR).

LinkedIn

Follow us on LinkedIn for company updates and the latest news.

Recent articles