Skip to content
Menu

Home

In March 2022, Ward Hadaway experienced a cyber incident involving an unknown third party (‘threat actor’) attempting to execute ransomware on our network. Ransomware is a type of malicious software which is used to block access to data unless a ransom is paid.

Our investigation into the incident ascertained that whilst the ransomware was not successful, the unauthorised third party did gain access to limited parts of our network for a short period of time. During this period, the threat actor copied a limited amount of data from our systems.

Since the time of the incident, we have been working with specialist third parties to investigate and review what data was copied. We should note that the exfiltrated data has never been published by the threat actor, and nor do we expect it to be.

The review process took a significant amount of time, due to the complexity of the review we needed to undertake. This has now been completed, which brings the matter to a close.

We sent notification of the incident to all clients rapidly after the breach occurred, and since then have engaged in communication with those who have enquired further. We also engaged with the ICO throughout this process, as well as informing our regulator and the police authorities. All agencies, including the ICO have closed their file into the incident.

It is important to note that there is no evidence that any organisation was specifically targeted as part of this incident. The experts we engaged inform us that the incident was financially motivated and designed to disrupt our normal business operations, in an attempt to extort a ransom payment.  This attempt was unsuccessful in both respects.

At all times, our focus has been to continue providing the exceptional service our clients expect from us.  We are moving forward as a stronger firm, focusing on achieving the best outcomes for our clients.

If you have any questions about the above, you can contact James Sykes on james.sykes@wardhadaway.com.

We understand and appreciate the disruption and concern this has caused some of our clients.  We thank everyone for the patience and support demonstrated throughout this time – it was and continues to be invaluable to us.

Steven Petrie, Managing Partner

Some useful links:

NCSC – staying safe online – mainly for individuals: https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online

NCSC’s ‘cyber aware’ program: https://www.ncsc.gov.uk/cyberaware/home

NCSC’s business guide: https://www.ncsc.gov.uk/section/information-for/small-medium-sized-organisations