iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Nicholsons Solicitors closed down recently, but some client data remains accessible – and vulnerable.
The INC Ransom ransomware gang has listed Brisbane-based law firm Nicholsons Solicitors as a victim on its darknet leak site.
On 24 November, the firm was added to INC Ransom’s list of victims, along with several documents exfiltrated as part of the alleged hack. Included are correspondence with clients, court documents, debtors reports, client bank account details, credit notes, and property deeds.
A screenshot of a file directory shows a list of folders and their sizes, suggesting a potential data breach in the area of at least 250 gigabytes.
INC Ransom has not listed details of its ransom demand nor its deadline.
However, if the hackers are expecting a big payday, they may be waiting some time, as the firm appears to have closed recently.
Nicholsons Solicitors’ website currently redirects to a different site altogether, and its phone number has been disconnected. Google currently lists the firm as “permanently closed”.
Generally, when a law firm closes, a successor practice will take over custodianship of any archived files. It is the responsibility of this new practice to then take reasonable steps to secure and protect confidential information, such as that which appears to have been accessed and stolen – and very likely, in the future, published – by INC Ransom.
However, according to the Queensland Law Society, no such successor practice has been named in the case of Nicholsons Solicitors.
It seems, in this case, despite the data apparently being hosted on some legacy server somewhere, no one appears to be responsible for it.
“This scenario highlights a critical challenge in cyber security: the risks posed by unmanaged legacy data when businesses shut down,” Christiaan Beek, Rapid7’s senior director of threat analytics, told Cyber Daily.
“Even after closure, sensitive data often remains on servers or cloud systems that can become easy targets for attackers, especially if they’re no longer monitored or secured.”
The best practice in cases such as this, according to Beek, is to run a full data inventory before “securely wiping or encrypting systems and ensuring any retained data is managed by a custodian or compliant third party”.
“Without these steps, legacy data can linger as a liability, with no clear accountability. This incident underscores the need for greater awareness and stronger frameworks to manage residual data post-closure,” Beek said.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
