Cyber Incident Victim: CTS
Date:
Oct 2023
Location:
United Kingdom
Summary
CTS, a UK‑based managed IT services provider for law firms, reported a service outage stemming from a cyber‑incident that the company has not disputed suggestions involved the CitrixBleed vulnerability on a NetScaler appliance linked to its former subsidiary Sprout Technologies. The outage disrupted access to case files for dozens of law firms, affected house sales and mortgage processes, and prompted the provider to notify the UK Information Commissioner’s Office while working with external forensics experts to restore services without giving a firm timeline.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or before 1 November 2023, CTS, a UK‑based provider of managed IT services for law firms and the professional services industry, began experiencing a service outage that impacted a portion of the services delivered to some of its clients. The company confirmed on its website that the outage resulted from an unspecified cyber‑incident. CTS stated that it was working closely with a leading global cyber forensics firm to conduct an urgent investigation and to assist with service restoration. The company also said it continued to work around the clock with third‑party experts. While CTS expressed confidence that services would be restored, it noted that it could not provide a precise timeline for full restoration. CTS added that it would communicate directly with affected clients, providing regular updates on the status of restoration work and the ongoing investigation.

Industry publication Today’s Conveyancer reported that close to 80 law firms were believed to have been affected by the upstream cyberattack, leaving those firms unable to access their case files since the previous Wednesday. Reports on social media indicated that the outage disrupted house sales and purchases across the United Kingdom, forcing customers to face unexpected accommodation and storage costs as well as mortgage offers that were soon to expire. Law firm Taylor Rose MW said its operations were currently impacted because of the CTS cyberattack, apologised to clients, and noted that it was in close contact with the supplier and expected the issue to be resolved in the coming days while seeking alternative solutions for urgent client matters. O’Neill Patient Solicitors posted on its website that it was experiencing some service disruption due to an outage affecting a number of organisations across the legal sector. Talbots Law, based in the West Midlands, said on its website that it was encountering difficulties stemming from a technical outage affecting multiple organisations within the legal sector. One Taylor Rose customer, identified only as Lindsay, told TechCrunch that she should have completed a house sale exchange on 22 November but had not done so, that her mortgage offer expired on 30 November, and that she feared losing thousands of pounds and being unable to move if the process was not finished in time.
CTS had notified the Information Commissioner’s Office of the incident, as confirmed by a spokesperson for the regulator. UK organisations are required to notify the ICO within 72 hours of discovering a data breach of personal information. The company’s spokesperson, Natalie Kissack, declined to answer questions from TechCrunch when reached for comment. Security experts posted on Mastodon that the breach might be linked to an exposed NetScaler appliance belonging to Sprout Technologies, a firm that merged with CTS in 2020, and suggested that the CitrixBleed vulnerability could have been exploited. CTS did not dispute those claims, although it had not confirmed the nature of the cyber incident or how its systems were compromised. In its brief website statement, CTS reiterated that while it remained confident that services would be restored, it was unable to give a precise timeline for full restoration.
