Cybersecurity experts from rival law firms say Allen & Overy’s Australian arm is “damned if they do and damned if they don’t” update the public on a cyberattack on the global firm’s storage systems last week.
The experts, from the consulting divisions of Clayton Utz and MinterEllison, said that victims of cyberattacks should err on the side of informing the public of the steps they have taken to inform authorities and clients in response to a ransomware attack.
The Australian division of London-based firm Allen & Overy has declined to comment on the cyberattack on multiple occasions since it was first approached by The Australian Financial Review on Monday.
Brenton Steenkamp, Clayton Utz’s lead cyber security partner.
The firm is understood to have informed local authorities about the cyberattack, and has contacted its Australian clients.
Russian-linked hacking group LockBit is threatening to release files stolen from Allen & Overy on the dark web from November 28.
The firm’s only public update as of late Thursday came in the form of a global statement last Friday, which said it was “assessing what data has been impacted” and that “detailed cyber forensic work continues to investigate and remediate the incident”.
Shannon Sedgwick, lead partner of MinterEllison consulting’s cybersecurity practice, told the Financial Review that Allen & Overy finds itself “in a very difficult position as the victim of a cyberattack”.
He said firms had to balance the need for transparency to assure clients and the public with the dangers of disclosing information too quickly.
The length and complexity of investigations into cyberattacks can complicate matters for victims, Mr Sedgwick said. “It’s a very difficult decision to make of