Cyber Incident Victim: GvW Graf von Westphalen
Date:
Dec 2023
Location:
Germany
Summary
A German law firm experienced a cyberattack causing temporary IT system and email access disruptions, though no client data was confirmed compromised. The incident prompted immediate notification to Hamburg’s data protection authority and law enforcement, with data restoration initiated in a secure environment. The firm committed to informing affected parties if forensic investigations revealed unauthorized data access. Recovery was accelerated by backup hardware and effective IT team response, enabling phone service restoration within days and full operational resumption shortly thereafter. While the attack’s specifics remain undisclosed due to ongoing investigations, it aligns with ransomware patterns involving extortion demands. Similar incidents have recently affected other law firms, with varying transparency in their public disclosures.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The cyber incident impacting GvW Graf von Westphalen occurred in December 2023, resulting in temporary disruption to the law firm’s IT systems and email communications. Attackers compromised access to portions of the firm’s infrastructure, though forensic investigations confirmed no exfiltration of client data occurred. GvW promptly notified the Hamburg State Office of Criminal Investigation (Landeskriminalamt) and Hamburg Commissioner for Data Protection and Freedom of Information, Thomas Fuchs, adhering to regulatory obligations. Immediate response actions included initiating data restoration processes within a secure IT environment to mitigate operational impacts. The firm committed to notifying affected individuals if subsequent forensic analysis revealed evidence of unauthorized data access, though no such evidence materialized according to available reports.
GvW restored critical functions through pre-existing contingency measures, including backup hardware, which accelerated recovery timelines. Landline telephone services resumed by December 18, 2023, followed by full system restoration announced by Managing Partner Dr. Robert Theissen on December 22 via borncity.com, confirming the firm was operational. Internal acknowledgments highlighted the role of IT leadership, with COO Ole Stahmer crediting long-term IT Head Frank Möller and the response team for limiting damage severity. Public communication regarding the attack was removed from GvW’s website by early January 2024, reflecting restored normalcy. The firm declined to disclose attack specifics or potential ransom demands, citing ongoing law enforcement investigations and standard protocols discouraging public commentary during active cases. Contextual industry references noted parallel incidents at firms like Kapellmann and Allen & Overy, contrasting GvW’s operational recovery timeline with varying transparency approaches observed across the legal sector.