CMS becomes the latest law firm to fall victim to LockBit cyber-attack 

International law firm CMS has become the latest to fall victim to a LockBit cyber-attack, which the firm told Legal IT Insider is isolated to CMS Spain. 

CMS did not comment on the source of the attack but reports of it first surfaced this week in Cybernews, with ransomware organisation LockBit claiming to have stolen 500GB of data and “all confidential information in the USA.” The stipulated date for payment was today (15 December). 

In a statement, a spokesperson for CMS told Legal IT Insider: “CMS Spain has been the victim of a cyber-attack affecting a small number of storage servers. Other member firms of the CMS organisation are not affected by the incident.”  

The UK top 20 law firm says that CMS Spain has engaged external forensic specialists who are collaborating with its cyber security response team, commenting: “Together, we did what was needed to isolate and control the incident.” 

It added: “We are still doing thorough cyber forensic work to examine and resolve the incident. Our focus is to determine what data has been affected.” 

The firm says that it has reported the incident to the Spanish Data Protection Agency and the Public Prosecutor’s Office for Computer Crime. It adds that it will comply with all statutory reporting to the appropriate authorities.  

“The firm’s priority is its clients and therefore we will maintain our security protocols and have implemented additional procedures. For reasons of confidentiality, to protect the firm’s clients and to facilitate the work of the Computer Crime Prosecutor’s Office and the State Law Enforcers, no further details of the incident will be made public,” the statement said. 

The attack follows a similar LockBit ransomware attack on Allen & Overy at the start of November. A&O also said that the incident affected a small number of storage servers. You can read their statement in full here: https://legaltechnology.com/2023/11/09/allen-overy-suffers-cyber-attack-impacting-small-number-of-storage-servers/

According to reports from organisations including the US Cybersecurity & Infrastructure Security Agency, LockBit is exploiting Citrix Bleed, which allows threat actors to bypass password requirements and multifactor authentication and take over user sessions. Some of the agency's recommendations are here: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a

In another recent legal sector cyber-attack, managed IT services provider CTS suffered a service outage that prevented law firms and barristers’ chambers from accessing their case management systems. You can read CTS’ statement here: https://legaltechnology.com/2023/11/24/cts-suffers-service-outage-after-cyberattack/