unknown attacks Tuckers Solicitors

Incident Date:

August 15, 2020

World map



unknown attacks Tuckers Solicitors


Tuckers Solicitors




London, United Kingdom

, United Kingdom

First Reported

August 15, 2020

Update on Cyber Attack and Data Breach

“Further to our post of 31 August 2020, we have now been updated by the City of London police to the effect that 100% of the data that was extracted from our systems has been uploaded to the website (on the dark web) of the criminal cyber hacking group that extracted client data from part of our server infrastructure. On the one hand, we are pleased to have discovered that data relating to only about 60 clients (out of the potential to having taken records pertaining to more like 60,000 clients) was extracted from our systems. We are increasing our efforts to try and contact relevant individuals directly – but where the material was particularly old, it may not be easily possible to contact relevant people.

On Sunday 23 August 2020, Tuckers were victim to a significant cyber attack, by an organised criminal group that have previously targeted many small, medium and large companies from around the world, as well as public authorities. Fortunately, the CaseRatio case and practice management environment developed and maintained by our in-house IT team was resilient to the attack, which means that we have been able to operate largely unaffected. The most significant disruption to our systems resulted from the impact to our Microsoft Exchange server, meaning that we lost emails for two days, but those systems are now restored as well. The attack has been reported to the National Cyber Crime Unit, the Information Commissioner and the Solicitors Regulation Authority and we are cooperating with all relevant authorities with regards the impact of this attack.

Whilst our live file data has not been compromised, a file server containing predominately archived file data was attacked and we know that some data has been removed from our systems. It appears that the group responsible have a history of publishing some or all of the stolen data online, in the absence of a significant ransom payment. Unfortunately for our attackers, targeting a criminal defence firm, with income predominantly from the legal aid sector with a view to extorting money, is something of a fool’s errand.

We have not engaged in any way with the attackers with regards the extent of any ransom that they are seeking – however, we have been advised that this group often values the data it extracts from its victims at between £1m and £10m. We are not minded to negotiate with a group that have committed a criminal offence to obtain our data, and in any event given we cannot afford to pay any such ransom, we are working on other avenues to mitigate the loss of any data and impact on any individuals – on the basis of advice received by the appropriate authorities.

We are monitoring the situation and if we believe any particular individual is affected as a result of this cyber attack, we will seek to contact them directly...”

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.