Alleged hack on Qld firm exposes unprotected data
A ransomware gang claimed it has a raft of client documents that was left unprotected when a Queensland law firm closed its doors.
The INC Ransom ransomware gang has listed Brisbane-based law firm Nicholsons Solicitors as a victim on its darknet leak site.
A screenshot of a file directory shows a list of folders and their sizes, suggesting a potential data breach in the area of at least 250 gigabytes.
INC Ransom has not listed details of its ransom demand nor its deadline.
However, if the hackers are expecting a big payday, they may be waiting some time, as the firm appears to have closed recently.
Nicholsons Solicitors’ website currently redirects to a different site altogether, and its phone number has been disconnected. Google currently lists the firm as “permanently closed”.
Generally, when a law firm closes, a successor practice will take over custodianship of any archived files. It is the responsibility of this new practice to then take reasonable steps to secure and protect confidential information, such as that which appears to have been accessed and stolen – and very likely, in the future, published – by INC Ransom.
However, according to the Queensland Law Society, no such successor practice has been named in the case of Nicholsons Solicitors.
It seems, in this case, despite the data apparently being hosted on some legacy server somewhere, no one appears to be responsible for it.
“This scenario highlights a critical challenge in cyber security: the risks posed by unmanaged legacy data when businesses shut down,” Christiaan Beek, Rapid7’s senior director of threat analytics, told Cyber Daily - Lawyers Weekly's sister brand.
“Even after closure, sensitive data often remains on servers or cloud systems that can become easy targets for attackers, especially if they’re no longer monitored or secured.”
The best practice in cases such as this, according to Beek, is to run a full data inventory before “securely wiping or encrypting systems and ensuring any retained data is managed by a custodian or compliant third party”.
“Without these steps, legacy data can linger as a liability, with no clear accountability. This incident underscores the need for greater awareness and stronger frameworks to manage residual data post-closure,” Beek said.
Author’s Note: This article first appeared on Cyber Daily, Lawyers Weekly’s sister brand.