back to article UK criminal defense lawyer hadn't patched when ransomware hit

Criminal defense law firm Tuckers Solicitors is facing a fine from the UK's data watchdog for failing to properly secure data that included information on case proceedings which was scooped up in a ransomware attack in 2020. The London-based business was handed a £98,000 penalty notice by the Information Commissioner's Office …

  1. Dr Scrum Master
    Headmaster

    Defense

    Defense!?

    1. Anonymous Coward
      Anonymous Coward

      Re: Defense

      My dog ran away because of a hole in defence.

    2. nobody who matters Silver badge

      Re: Defense

      Quite - being a UK lawyer he should be given the correct form of the word, and not the illiterate american one!

  2. Anonymous Coward
    Anonymous Coward

    Gee, now if only we could fine all the general public that are using insecure and infected computers and FORCE their systems offline so they can't be used as bots.

    1. Anonymous Coward
      Anonymous Coward

      So, everyone running Windows 10 or 11 then? =-)p

  3. Doctor Syntax Silver badge

    It seems tht once they were aware of the situation they acted appropriately. But it always seems to be the case that although there's no time and/or budget to fix things before the disaster strikes there's always time and budget to fix things after - including budget to pay a fine.

    1. Neil Barnes Silver badge

      See this stable door?

      Using it before the horse leaves would be good.

      1. Little Mouse

        However - "Tuckers refused to pay the ransom" is a definite plus.

    2. Flywheel
      Facepalm

      They were probably trying to work out if they could bill someone for the time and software costs...

  4. AlJahom

    So who was their MSP??

    I mean, it'd be a rare thing if a firm swimming in dosh like a prominent law firm did all their own IT, even if they had in-house architects, PMs and BAs.

    I onboarded several when I was working for an MSP. They're absolutely the worst customers, as they can run rings around you during MSA contract negotiation and management unless you retain your own top-tier shysters, and no-one can price that in.

    Which all means that any losses they've made will be aggressively recovered from the MSP. One of those situations where it's comforting to contemplate both sides losing.

    1. John Brown (no body) Silver badge

      Re: So who was their MSP??

      "I mean, it'd be a rare thing if a firm swimming in dosh like a prominent law firm did all their own IT,"

      "Predominantly Legal Aid". That means they are NOT swimming in dosh. For non-UK readers, Legal Aid is where the state pay for your legal representation if you meet the standards of not being able to afford it yourself.

  5. Anonymous Coward
    Boffin

    A satisfying but bad precedent

    A law firm got penalized - not jailed or flogged, but it's a start.

    OTOH, how many here have not yet applied patches because they are still testing them? How many here are running old software for compatibility reasons?

    Now, how many here would like the Information Commissioner's Office to second guess you?

    1. midgepad

      Re: A satisfying but bad precedent

      IANAL nor a commissioner, but I strongly suspect that if you have the patch on a test system and a notebook or log or mjnute or SOP indicating you are testing it, any criticism would be much more muted than in this case.

      For a reasonable duration of testing.

  6. Va9sWiass

    Some lawyers have to go to jail, and a sentence of a fine is not enough.

  7. tggenamho

    Law firms that hold sensitive data need to create a high level of security.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like