
Cyber Incident Victim: Nelsons

Date: May 2022

Location: United Kingdom

Summary

A cyber attack on a UK legal firm resulted in unauthorized access to confidential client data, including personal identification details. The organization notified affected individuals approximately six weeks post-incident, prompting concerns about delayed disclosure, and engaged external IT specialists to restore systems while confirming less than 2% of its stored data was compromised. The firm reported the breach to the Information Commissioner's Office and offered impacted clients fraud assistance and insurance reimbursement services to mitigate potential harms.


Description

On May 30, 2022, Nelsons, a UK-based legal firm with offices in Derby, Leicester, and Nottingham, experienced a cyber attack resulting in unauthorized access to confidential client data. The attackers copied personal identification details and other sensitive information belonging to clients, though the firm stated that less than 2% of its total stored data was compromised. Two anonymous Derby clients reported receiving notification of the breach approximately six weeks after the incident occurred, with one expressing frustration over the delayed disclosure and difficulties in securing their compromised information. The accessed data varied by individual, with not all affected clients having identical documents exposed. Nelsons confirmed the hackers claimed possession of copied personal data but emphasized the limited scope of the breach relative to their total data holdings. The incident did not significantly disrupt daily operations due to existing security processes.

Nelsons initiated containment measures immediately upon discovering the breach and engaged external cybersecurity specialists to investigate and restore affected systems. The firm conducted a review of compromised files and directly notified individuals identified as potentially impacted once the investigation clarified the nature of the exposed data. It offered tailored support services to affected clients, including fraud assistance, resolution services, and insurance reimbursement for fraud-related losses. Nelsons reported the incident to the UK Information Commissioner’s Office (ICO), which confirmed it was making further enquiries. The firm defended its delayed client notifications by stating it prioritized accuracy over speed to avoid premature or unnecessary alarm, opting to contact individuals only after establishing a clearer understanding of the compromised information. Internal communications emphasized ongoing availability of client contacts for additional queries alongside the specialized breach response services.
