Archived client data was held to ransom and published on the dark web
The Information Commissioner’s Office (ICO) has fined leading criminal defence firm Tuckers Solicitors £98,000 for breach of the General Data Protection Regulation (GDPR), which emerged after the firm suffered a ransomware attack in August 2020.
On 24 August 2020, Tuckers became aware of a ransomware attack on its systems when parts of its IT system became unavailable. Upon investigation, it found a ransomware note from an attacker stating it had compromised Tuckers’ systems. The next day, the firm determined the attack had resulted in a personal data breach.
An attacker had encrypted 972,191 individual files, of which 24,712 related to court bundles; of the encrypted bundles, 60 were exfiltrated b...