One of London’s leading commercial sets, Brick Court Chambers, is investigating a “potential cyber incident” following a report that it has been targeted by people using the Medusa hacking software.

A tweet from Daily Web Intelligence on X, formerly Twitter, claimed the set was targeted on the morning of 13 May. 

The chambers said in a statement: “We are aware of a potential cyber incident and we are actively working with external cyber specialists to investigate the extent of any data breach.

“Chambers remains fully operational and we are taking all necessary steps to secure our systems. At this stage of the investigation it is not clear whether client data has been impacted. We are investigating this matter as a matter of urgency. We decline to comment on the source of the incident.”

The Medusa ransomware strain steals and encrypts client files and sensitive data, rendering them inaccessible. Ransom demands, often in cryptocurrency, offer a key to unlock the data in return for significant payments.

The Medusa cyber gang was responsible for 99 breaches in the US, UK, Canada, Italy and France last year, according to the Financial Times.

Cyber attacks on chambers pose potential implications for regulators, law firms and the corporate clients served by sets like Brick Court Chambers, which include leading banks and insurers, nation-states, state-owned enterprises, high-net-worth individuals and multinational corporate entities and trust structures.

The set is known for its Commercial Court, appellate work and legacy EU, UK antitrust and cartel damages instructions. It also has a strong public law practice. Notable members include peers Lord Anderson of Ipswich KC, former UK Supreme Court justice Lord Sumption and arbitrator Lord Hoffman. Its current co-heads of chambers are highly respected advocates Helen Davies KC and Mark Howard KC.

The reported ransomware attack comes as the Law Society and Bar Council of England and Wales yesterday issued joint cybersecurity guidance, in the form of a questionnaire, updating previous guidance following attacks against chambers in 2021.

The National Cyber Security Centre reported in July 2023 that a ransomware attack in 2021 had affected 4 New Square – the former set of the current Lady Chief Justice. It said the attack affected the operation of critical IT systems and involved the exfiltration of sensitive data. As a result, the set's systems were briefly offline, but it was able to recover data from backups. The set subsequently obtained a court order against “persons unknown” – namely the hackers – in a bid to prevent the disclosure of any information obtained.

The new version of the Law Society and Bar Council’s guidance includes considerations on disaster recovery, business continuity and incident management, and data and device management. Protection against phishing, identifying vulnerabilities and penetration testing are also emphasised, reminding lawyers about the need for continuous efforts to improve cybersecurity.

Sam Townend KC, chair of the Bar Council, said: “Keeping client information safe is of paramount concern to barristers and chambers. Since it was launched two years ago, the cybersecurity questionnaire has provided a useful tool to help protect against the threat of cyberattacks in a proportionate way. Through joint work with the Law Society, we are making sure that this tool keeps pace with cybersecurity developments and responds to our members’ feedback.”