A major offshore law firm has admitted a data security incident last year could lead to the imminent public exposure of its high net worth clients’ financial details.
Bermudan firm Appleby, which claims to be one the world’s largest providers of “offshore legal services”, came clean in a lengthy statement issued yesterday.
The statement seems to be an attempt to head off expected reports led by the International Consortium of Investigative Journalists and its media partners, which Appleby said would contain “allegations made against our business and the business conducted by some of our clients”.
It added:
“Appleby has thoroughly and vigorously investigated the allegations and we are satisfied that there is no evidence of any wrongdoing, either on the part of ourselves or our clients. We refute any allegations which may suggest otherwise and we would be happy to cooperate fully with any legitimate and authorised investigation of the allegations by the appropriate and relevant authorities.”
It's unclear what bombshells lie in store. However, the incident comes around 18 months after a huge volume of highly sensitive data was stolen from Panama-based law firm Mossack Fonseca, exposing the private financial dealings of the super-rich and world leaders including Vladimir Putin and Xi Jinping.
Appleby said a leading forensics firm has since reviewed its cybersecurity and “data access arrangements”.
The firm maintains that the allegations set to land “are unfounded and based on a lack of understanding of the legitimate and lawful structures used in the offshore sector”.
The incident once again highlights why law firms are such as highly prized target for hackers, containing highly sensitive data on clients.
In January, three Chinese nationals were charged with hacking the servers of two US law firms, using the info they stole to make millions in illegal trades.
“Many of the allegedly compromised documents are extremely sensitive and normally should exist only on paper. If the law firm digitized them without the highest degree of care, it may be found liable for negligence and have to compensate the victims of the breach,” argued High-Tech Bridge CEO, Ilia Kolochenko. “On their side, the law firm can try to implead the IT company who installed the digital system, especially if they had an indemnity clause in their contract.”