Cyber Incident Victim: CMS Cameron McKenna Nabarro Olswang LLP

On or around December 1, 2023, international law firm CMS Cameron McKenna Nabarro Olswang LLP confirmed a cyberattack targeting a limited number of storage servers within its Spanish operations. The firm disclosed the incident to Law360 Pulse on Tuesday, November 28, 2023, three days prior to the article’s publication date. The attack specifically impacted infrastructure located in Spain, though the firm did not specify the exact number of compromised servers or the precise timing of the initial breach. No details were provided regarding the attack vector, such as whether it involved ransomware, phishing, or external exploitation of vulnerabilities. CMS Spain’s acknowledgment indicated the breach was contained to storage systems, suggesting operational networks or client-facing platforms may have remained unaffected. The disclosure did not clarify whether the attackers exfiltrated data, disrupted services, or left malicious payloads on the compromised systems.

The firm’s public statement confirmed the incident’s occurrence but omitted specifics about data exposure, client notifications, or regulatory reporting obligations. No information was released regarding the duration of unauthorized access, the attackers’ identity, or whether law enforcement agencies were engaged. CMS Spain did not describe containment measures, such as isolating affected servers, conducting forensic analyses, or implementing additional security controls. The article did not reference service interruptions, financial losses, or reputational damage arising from the incident. The limited scope of disclosed information left the full operational and legal implications unclear at the time of reporting. CMS Cameron McKenna Nabarro Olswang LLP’s confirmation remains the primary publicly available detail about this cybersecurity event.