Offshore law firm braces for data exposure

| 25/10/2017 | 14 Comments

(CNS Business): One of Cayman’s leading offshore law firms is bracing for potential exposure of its business and that of its clients in the international media after admitting that it suffered a cyber security breach last year. Some of the information has found its way to the International Consortium of Investigative Journalists (ICIJ), which plans to publish some of what they have. While Appleby admitted that data was compromised in the hack, they gave no details of who did it, when it happened or how many clients were affected but denied any wrongdoing by it or its clients.

Regardless of the firm’s claims, the ICIJ have contacted the offshore lawyers about the documents they have, which do involve as yet unspecified allegations against Appleby and their clients that the investigative reporters are intending to release. Appleby claims the information could have been obtained illegally and risks exposing innocent parties.

“Having researched the ICIJ’s allegations we believe they are unfounded and based on a lack of understanding of the legitimate and lawful structures used in the offshore sector,” the firm said in a release about the impending exposure.

“We take any allegation of wrongdoing, implicit or otherwise, extremely seriously. Appleby operates in highly regulated jurisdictions and like all professional organisations in our regions, we are subject to frequent regulatory checks and we are committed to achieving the high standards set by our regulators. We are also committed to the highest standards of client service and confidentiality,” they added before admitting the security breach which is more than likely how the ICIJ managed to get the information.

“We are committed to protecting our clients’ data and we have reviewed our cyber security and data access arrangements following a data security incident last year which involved some of our data being compromised. These arrangements were reviewed and tested by a leading IT forensics team and we are confident that our data integrity is secure,” the firm added.

Satisfied that there is no evidence of any wrongdoing on the part of the firm or their clients, the release states that Appleby refutes any allegations which may suggest otherwise. “We would be happy to cooperate fully with any legitimate and authorised investigation of the allegations by the appropriate and relevant authorities,” the lawyers added.

“We are a law firm which advises clients on legitimate and lawful ways to conduct their business. We do not tolerate illegal behaviour. It is true that we are not infallible. Where we find that mistakes have happened we act quickly to put things right and we make the necessary notifications to the relevant authorities,” the firm said.

Appleby began life in Bermuda but established a local office in the 1940’s and is considered the oldest legal practice in the Cayman Islands.

Tags:

Category: Uncategorized

Comments (14)

Trackback URL | Comments RSS Feed

  1. MM says:

    These data breaches usually happen with the help of an insider. These large law firms and other corporate service firms on-island are far too comfortable with hiring people from all over the world without proper background checks and references – the first day you start you get major access to all sorts of things from client files to internal policies. You just have to get in the door and hold the job for a few weeks and you can get just about every electronic file the firm holds and lots and lots of personal information on clients.

    The large local firms I have worked at offer all sorts of first-day orientations about keeping data safe and identifying viruses and spam etc… and they spend a fortune each year for penetration testers to test their vulnerability to outside hacks.

    However, they are still way off from realizing hackers usually work with an insider source these days when it comes to grabbing this sort of vital data – today’s hackers are smart enough to know you cannot download terabytes of data without triggering server alerts, so they plant people. Sometimes it can take years to get a mole in; but those efforts would have paid off well with a data grab like this.

    The islands biggest law firms now have all sorts of data lock-down techniques so that nothing can be plugged in and nothing can be taken from their servers physically using another devie; but who needs that these days? You can set up a simple website with a file upload ability and grab anything and everything you want without it ever alerting anyone – the internet is still all open.

    The only way to be sure your data is safe is to be sure you know who you’re hiring – might as well hire locals since it is harder for them to hide and no where for them to run.

    And, for clients with a lot at stake – choose smaller firms that have more control and usually know their staff members personally or on a professional level for many years and have lower staff turnover rates. The constant staff changes and super-fast growth that forces these large firms to hire quickly to balance work loads is a recipe for infiltration by people with malicious intentions. Bigger isn’t always better.

  2. Anonymous says:

    Hope this is a non-starter, but if it is not, watch the world’s knee-jerk reaction. Global puppets.

  3. Anonymous says:

    Most of us know that in FS everything done these days has to be compliant with thousands of rules and regs, be it here or in BDA. You can bet your bottom dollar that the journalists here are going to take everything out of context and try to make scandals…even for people working entirely within the law..and whilst BDA will give a robust defense as they always do, if there is any Cayman link it will just be allowed to fester…Its about time CIG wrote to program makers (such as those producing NCIS) to inform them that we are compliant in pretty much every way and that the bad guys these days normally have accounts in Delaware or Nevada these days-biggest money laundering centres in the world. have you even tried to open a bank account here recently? Damn….

  4. Anonymous says:

    All Cayman client data seems safe. Appleby in Bermuda is a separately owned company from Appleby in Cayman and would have no reason to have (or have access to) Cayman data.

    • Tone says:

      I read it as the Cayman operation suffered the breach. Was it the Bermuda office? CNS?

      CNS: I don’t think it’s clear at this point how widespread the breach was.

      • Anonymous says:

        From the press it seems there is an Isle of Man VAT scheme concerning private jets that is undergoing scrutiny. Perhaps it was only in the Isle of Man office of Appleby that had its data accessed. It cannot have been Cayman as Cayman would not have Isle of Man data, just as Isle of Man would not have Cayman Data. Isle of Man Appleby is a different company from Cayman Appleby and would have no access to Cayman data.

      • Anonymous says:

        Looks like Isle of Man…

  5. Anonymous says:

    Their clients must be wondering why the breach wasn’t reported earlier. Anyone smell a litigation avalanche coming soon to law firm near you?

    • Anonymous says:

      If 1. The data was stolen 2. The journalists publish it and 3. the clients are innocent of any wrongdoing… then wouldn’t it be the journalists that get sued?

    • Anonymous says:

      Oh please. These investigators don’t even have a clue. They are always grabbing st straws.

  6. Anonymous says:

    Awful news. Reaching for popcorn…

  7. Anon oldie says:

    Appleby never established an office here in the 1940s – they merged with Hunter and Hunter in the 2000’s and the name Appleby was then used locally. Hunter and Hunter was the oldest Cayman law firm (probably) with Clifton Hunter a “legal practitioner” – helping people with land transfers and such. His son Arthur is a qualified lawyer and grew the firm in the 80s and 90s. Since his retirement the firm has grown considerably.

    To be honest it’s surprising there aren’t more instances in law firms and similar in Cayman – stealing data is so easy by any employee. Anyone with a pc can download a couple of terrabytes of data onto a very small disk or solid state stick that hangs off a simple USB connector. That amount of storage is enough for every document in a medium sized law-firms files.

Please include your email address in the form below if you are using your real name. You can use a pseudonym, with or without leaving an email address, or just leave the form blank to be "Anonymous". All comments will be moderated before they are published. The CNS Comment Policy is at the top of this page.

This site uses Akismet to reduce spam. Learn how your comment data is processed.