Exclusive: INC Ransom Claims Hacking of Closed Queensland Law Firm

Nicholsons Solicitors recently closed its doors, but some client data remains accessible – and vulnerable.

Ransomware gang INC Ransom has listed Brisbane-based law firm Nicholsons Solicitors as a victim on its darknet leak site.

On November 24, the company was added to the INC Ransom victim list, with several documents exfiltrated as part of the alleged hack. Included are customer correspondence, court documents, debtor reports, customer bank account details, credit notes and property deeds.

A screenshot of a file directory shows a list of folders and their sizes, suggesting a potential data breach of at least 250 gigabytes.

INC Ransom did not list the details of its ransom demand or its deadline.

However, if the hackers are expecting a big payday, they might wait a while, as the company appears to have closed its doors recently.

The Nicholsons Solicitors website currently redirects to a completely different site and their phone number has been disconnected. Google currently lists the business as “permanently closed.”

Typically, when a law firm closes, a successor firm will take over custody of all archived files. It is the responsibility of this new practice to then take reasonable steps to secure and protect confidential information, such as that which appears to have been accessed and stolen – and very likely, in the future, published – by INC Ransom.

However, according to the Queensland Law Society, no such practice was named in the case of Nicholsons Solicitors.

In this case, even though the data is apparently hosted somewhere on an existing server, no one seems to be responsible for it.

“This scenario highlights a critical cybersecurity challenge: the risks posed by unmanaged legacy data when businesses close their doors,” Christiaan Beek, senior director of threat analysis at Rapid7, told Cyber Daily.

“Even after closure, sensitive data often remains on servers or cloud systems that can become easy targets for attackers, especially if they are no longer monitored or secured.”

The best practice in cases like this, according to Beek, is to perform a full data inventory before “securely wiping or encrypting systems and ensuring that any retained data is managed by a custodian or compliant third party”.

“Without these steps, existing data can remain a liability, with no clear accountability. This incident highlights the need for greater awareness and stronger frameworks to manage residual data after closure,” Beek said.
