Cyber Incident Victim: Langley Twigg Law
Date:
Jan 2026
Location:
New Zealand
Summary
Langley Twigg Law, a New Zealand law firm, experienced a cyber intrusion when the Anubis ransomware group gained unauthorized access to its network and exfiltrated data including passport scans, internal operational records, client documents, financial and HR information, and employee compensation details. The firm detected the anomalous activity, isolated its systems, restored operations from backups after additional hardening, engaged digital forensics experts, and notified the privacy commissioner and police while preparing to inform affected clients once the review of the copied information is complete. Anubis claimed responsibility on its leak site, describing the stolen data in detail and highlighting its tactics of using sensitive exposure and optional wipe mode to pressure victims.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Langley Twigg Law, a Napier‑based New Zealand law firm, detected unauthorised network activity on 11 January 2026 through its security monitoring tools, prompting an immediate response with its IT support provider. The firm subsequently took its systems offline, disconnecting the network from the internet, and began rebuilding from backup after applying additional security hardening measures. On 26 January 2026 Langley Twigg Law publicly disclosed the incident, noting that a “small proportion” of its data had been compromised in what it described as a malicious third‑party attack, and that the disclosure came a day after the ransomware group Anubis claimed responsibility on its darknet leak site. Digital forensics and cyber incident response specialists engaged by the firm confirmed that data had been accessed and copied from the firm’s file server, and the firm characterised the intrusion as a novel attack that bypassed existing cyber controls.
The compromised information included internal operational data and some client documents, with the firm still working to determine the precise scope of the exposure. Langley Twigg Law notified the Office of the Privacy Commissioner and New Zealand Police to meet its privacy and regulatory obligations, and stated that affected clients would be contacted once the review of the copied information was complete, a process that may take additional time as investigations continue. On its leak site, Anubis listed Langley Twigg Law as a victim and claimed to have exfiltrated financial and HR‑related material, including financial reports, employee compensation records and associated documentation, as well as staff passport details and other personal records. The firm noted that the detail and apparent authenticity of the documents posted by Anubis were consistent with the group’s tactic of using sensitive data exposure to coerce victims and highlight alleged security failures.
Anubis is described in the source as a relatively new entrant to the ransomware‑as‑a‑service ecosystem, first observed in February 2025 and linked to attacks on at least 46 organisations globally, with Russian‑speaking operators that function on a franchise model providing ransomware tooling and infrastructure to affiliates. The group possesses an optional “wipe mode” feature that can permanently erase files if a ransom is not paid, and unlike some ransomware actors it frequently publishes granular descriptions of stolen data and threatens regulatory fallout as a pressure lever. Anubis has also been known to impersonate journalists and offer “exclusive” access to stolen data as part of its extortion playbook, with its most recent ANZ victim prior to Langley Twigg Law being the Queensland medical practice Laidley Family Doctors in December 2025.