On 24th February, Coole Bevis LLP became aware that it was the victim of a sophisticated cyber-attack, despite having robust systems in place.
Our Data Protection Officer, Jonathan Everett, has reported this attack to all necessary regulatory authorities including the Information Commissioner and Action Fraud. Intensive IT work has been ongoing since then to understand all the implications, including how long it will take to safely restore our systems.
We believe that the criminals accessed only a small proportion of our data but IT experts are still working to identify what that comprises. Our bank accounts and client monies remain secure. We are continuing to receive and make payments as normal. Our emails were not part of the attack.
We understand that all our clients and contacts will be extremely anxious about their personal details. The immediate question will be: “What should I do to protect myself if my data has been stolen?”
Please exercise extreme vigilance. We recommend the following:
- Change your email passwords. Use complex passwords with a combination of lower and upper-case letters, numbers and symbols. Do not use the same password across your accounts.
- Watch out for any spam, phishing or unsolicited emails. Do not open them and NEVER open an attachment if you do not know exactly who sent it and why.
- Be particularly mindful of any messages presenting as the firm requesting a change of beneficiary details or an update of your bank details. We would not make contact with you to do this. Please never give out this information and delete any such contact.
- Beware of unsolicited telephone calls, texts or instant messages. Again, do not click on any link unless you are 100% certain it is safe.
- Some anti-virus providers e.g. Norton, have software to identify and help if you become a victim of identity theft, including Dark Web monitoring to let you know if information that may belong to you is found on the dark web.
- You may wish to use a service like Experian which offers a free credit reference check as many times as you like without affecting your credit score. They also have a paid internet and Dark Web monitoring service, as above.
We are not yet in a position to identify and notify personally any client or contact who may have been affected. If you are concerned, please email or telephone your usual contact at the firm. If you do not have their name, our reception staff will transfer you to someone who can help. If no-one is available, our receptionists will take your name and number and ask someone to return your call.
We will try to answer any questions that you may have with complete transparency. However, at this stage there is much that we still do not know ourselves. As we understand more, we will update this notice.
Thank you for your understanding.
