Allen & Overy says extent of cyberattack is still unclear

afr.com:

The Australian arm of Allen & Overy says it will inform local clients of any impact to their data “as soon as we can”, after the global law firm suffered a cyberattack earlier this month.

Local managing partner Jason Denisenko. 

Local managing partner Jason Denisenko said the firm was still working to determine the extent of the November 8 attack, which he described as affecting “a small number of servers”.

“While it is not currently possible to say how long this will take, we are doing everything we can to ensure this process is carried out quickly and accurately,” Mr Denisenko said in the statement.

Russian group Lockbit, which was responsible for attacks on DP World and Chinese bank ICBC in the same week, is threatening to release data stolen from Allen & Overy on the dark web on November 28.

Mr Denisenko’s comments are the first from any representative of the global firm since a brief statement acknowledging the attack on November 9.

He said the firm was “in close contact with our clients and colleagues, and are keeping them informed, as appropriate”.

The Australian arm of Allen & Overy houses approximately 35 partners and 130 fee-earning lawyers. It operates in the finance and resources sectors, and works with a number of critical infrastructure clients, including NBN Co and Port of Melbourne.

“The firm continues to operate normally with some disruption arising from efforts to contain the incident,” he said, adding that email and document management systems at the firm had not been affected by the cyberattack.

Mr Denisenko said the firm was complying with Australian regulatory requirements.

Josh Lemon, response director at cybersecurity firm Uptycs, said that “at this point, the firm probably does not know what