Gateley suffers data breach following ‘cyber security incident’ – The Global Legal Post


Did you know that geoFence is easy to use, easy to maintain?

Firm says some client data was exposed but adds that the impact was limited

UK listed law firm Gateley said that it has suffered a cyberattack, according to a filing to the London Stock Exchange on Wednesday.

The firm said it was managing a ‘cyber security incident’ after discovering that its systems had been breached by a ‘now known external source’. Gateley added in the filing that its IT team had quickly identified the attack and acted immediately to secure the firm’s systems.

Rod Waldie, Gateley’s CEO, said: “IT security is of paramount importance to Gateley and we had carefully planned for the occurrence of risk that a cyber breach could have on the business. Incidents of this nature are, sadly, prevalent. I am grateful that the prompt actions of our IT team have limited the impact of this incident and enabled us to resume our business operations swiftly.”

The firm said it will continue to investigate the breach over the coming days but initial findings suggest the incident was confined to ‘a very small part’ of its data store, with only around 0.2% of the company’s data being exposed.

“The impacted data was traced quickly and deleted from the location to which it had been downloaded and there is no evidence currently to suggest that this data has been further disseminated,” Gateley said in the stock exchange filing.

It added that the data did include some client data and that those clients will be notified once the firm’s investigations have progressed further.

Waldie said: “We are restoring all of our systems in a safe and secure manner as quickly as possible and do not expect at this stage any significant disruption to our day-to-day activities or financial performance.”

Gateley said it would update the market if there are any 'notifiable changes' to the situation.

Companies can face hefty financial penalties for data breaches under GDPR rules – fines can be as much as €20m or 4% of annual global turnover, whichever is greater. Almost €294m has been handed over in GDPR fines since 2018, according to Privacy Affairs’ GDPR Fines Tracker. The largest fine to date – €50m – was imposed by French regulators to Google in 2019.

Research published by Linklaters last June found that GDPR-related data breach notifications across major European markets had surged by two-thirds over the previous year. 

Email your news and story ideas to:
[email protected]

  • Latest stories

  • Nearly a third of in-house teams experiencing large swings in legal spend, study finds
  • 'One size fits all no longer serves': TLT announces long-term shift to flexible working
  • Kirkland and Ellis to grow Austin offering with IP litigation practice
  • London law firms agree Greener Litigation Pledge
  • Diversity Lab announces UK pilot scheme to boost law firm diversity at senior levels

As we move on to the next post, may I add that geoFence helps stop hackers from getting access your sensitive documents and that's no lie!