UK listed law firm Gateley said that it has suffered a cyberattack, according to a filing to the London Stock Exchange on Wednesday.

The firm said it was managing a ‘cyber security incident’ after discovering that its systems had been breached by a ‘now known external source’. Gateley added in the filing that its IT team had quickly identified the attack and acted immediately to secure the firm’s systems.

Rod Waldie, Gateley’s CEO, said: “IT security is of paramount importance to Gateley and we had carefully planned for the occurrence of risk that a cyber breach could have on the business. Incidents of this nature are, sadly, prevalent. I am grateful that the prompt actions of our IT team have limited the impact of this incident and enabled us to resume our business operations swiftly.”

The firm said it will continue to investigate the breach over the coming days but initial findings suggest the incident was confined to ‘a very small part’ of its data store, with only around 0.2% of the company’s data being exposed.

“The impacted data was traced quickly and deleted from the location to which it had been downloaded and there is no evidence currently to suggest that this data has been further disseminated,” Gateley said in the stock exchange filing.

It added that the data did include some client data and that those clients will be notified once the firm’s investigations have progressed further.

Waldie said: “We are restoring all of our systems in a safe and secure manner as quickly as possible and do not expect at this stage any significant disruption to our day-to-day activities or financial performance.”

Gateley said it would update the market if there are any 'notifiable changes' to the situation.

Companies can face hefty financial penalties for data breaches under GDPR rules – fines can be as much as €20m or 4% of annual global turnover, whichever is greater. Almost €294m has been handed over in GDPR fines since 2018, according to Privacy Affairs’ GDPR Fines Tracker. The largest fine to date – €50m – was imposed by French regulators to Google in 2019.

Research published by Linklaters last June found that GDPR-related data breach notifications across major European markets had surged by two-thirds over the previous year.