Cyber Incident Victim: Brydens Lawyers
Date:
Feb 2025
Location:
Australia
Summary
Brydens Lawyers experienced a significant cyber incident involving unauthorized access to its servers, resulting in the theft of over 600 gigabytes of sensitive data including client information, case files, and staff records. Foreign threat actors employed ransomware tactics to extort the firm, prompting it to take systems offline and engage external security advisors and legal experts. The breach was reported to Australian cybersecurity authorities, with investigations ongoing to determine the full scope of impacted parties. The firm confirmed its IT security has since been restored and committed to notifying affected individuals while coordinating mitigation efforts with relevant stakeholders.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Brydens Lawyers, a prominent Sydney-based law firm with significant ties to Australian sporting organizations including the NRL’s Wests Tigers, experienced a major cyber incident around February 20, 2025. The breach involved unauthorized access by foreign threat actors who exfiltrated approximately 600 gigabytes of sensitive data encompassing client files, case details, and internal staff information. Principal Lee Hagipantelis confirmed the security compromise within a week of its discovery, characterizing it as a "very significant and potentially damaging" breach of server integrity. The attackers employed ransomware tactics, leveraging the stolen data to extort the firm. Upon identifying the intrusion, Brydens immediately took its digital systems offline to contain the threat and initiated forensic investigations with external cybersecurity advisors, legal counsel, and technical experts. The firm formally reported the incident to the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC), complying with regulatory obligations. While Hagipantelis publicly assured stakeholders that IT security had been restored by late February, the full scope of compromised data remained under active assessment.
The breach exposed highly confidential legal documents entrusted to the firm, mirroring ransomware patterns observed in prior attacks against law practices such as New Zealand’s Bell and Graham in January 2025 and Australia’s HWL Ebsworth in 2023. Brydens’ operational disruptions included temporary system outages during containment, though client-facing communications emphasized continuity of compensation claim services. No specific ransom demands or payment outcomes were disclosed, nor were attacker identities confirmed beyond their foreign origin. The firm committed to notifying affected individuals post-investigation but had not released detailed impact assessments by the time of public statements. With offices across Sydney and regional New South Wales handling diverse legal matters, the incident carried reputational and operational risks amplified by Brydens’ high-profile sports sponsorships, including the Newcastle Jets and North Tamworth Bears. Comparative analysis highlighted the breach’s scale as smaller than HWL Ebsworth’s four-terabyte compromise but similarly consequential due to the sensitivity of legal client data. Brydens maintained public updates via its website while collaborating with authorities to mitigate further dissemination of stolen materials.