We recently experienced an IT security incident involving temporary unauthorised access to our systems.
We take the privacy and security of the information held on our system extremely seriously, so we wanted to let you know about this matter at the earliest opportunity, and share information about what we know, what we’ve done about it and any measures you can take.
What happened
We recently identified some suspicious activity on part of our network, quickly took steps to contain the incident, and launched an investigation alongside external specialists.
Our investigations remain ongoing, but as part of the process we have been monitoring online sources for any reference to our firm. That monitoring recently identified a post on the dark web (an area of the internet not accessible via normal search engines) by those claiming to be responsible for the incident. In that post, they claim to have taken some data from our network.
We are currently working as a priority to validate those claims and to review what data may have been impacted.
What this means
We want to stress that we have not confirmed whether your data has been affected, but we are letting you know now on a proactive and precautionary basis.
What we can say at this stage is that neither our main case management system nor our emails were affected by the incident.
It is important to note that there is no evidence that your data was specifically targeted as part of this incident. Our understanding is that this was a financially motivated incident, intended to extort a ransom payment from us. Our position is that making a payment would not be consistent with our ethics or values as an organisation and would simply fund further criminal activity.
What you should do
Whilst we are working at pace to validate the extent to which any data we hold may have been impacted, this will be a time-consuming process. It is important that we take the time to conduct a thorough and comprehensive review so that we can accurately understand the scope of any impact. In the meantime, there are a number of steps you can take which are considered best practice to help prevent potential fraud or identity theft:
- Use strong passwords and change them regularly.
- Avoid using the same passwords across different platforms and tools, and never use the same password for work and personal logins. If you have done so, we would encourage you to change your personal password.
- Try to keep passwords at least twelve to fifteen characters long and use numbers, upper case and lower case letters and symbols.
- Never give out personal details over the phone unless you are sure who you are speaking to.
- Look out for emails that don’t “feel” quite right. They may contain grammatical errors or ask you to do something out of the ordinary, like open an attachment or download a file.
- Check your bank statements regularly for any unusual payments that you don’t recognise.
- Remain vigilant for any unusual payment requests or bank detail changes.
- Review direct debit and standing order arrangements to ensure they are as expected.
- Enable multi-factor authentication on all your online services.
Next steps
We are taking this incident incredibly seriously and, as such, have informed the relevant authorities, including the Information Commissioner’s Office, the Solicitors Regulation Authority and law enforcement.
We have never experienced an incident such as this and we are determined to do everything we can to prevent something similar happening again. We have engaged specialist advisers to understand if there are any further security changes that we can put in place to enhance our existing security systems.
We appreciate that this incident may cause some concern and we are committed to being as helpful as we can. We would like to apologise again for any concern that this may cause.
Unfortunately, the world of cybercrime is constantly evolving, and no organisation can completely rule out the possibility of experiencing this type of criminal activity. We are fully committed to learning any lessons from this incident to further enhance our IT security moving forward and, as mentioned above, have already begun this process.
If you have any queries or concerns relating to this incident, please contact us on 01946 692194, or email info@brockbanks.co.uk