Smith & Co Solicitors Reports Data Breach and Financial Fraud Following Email Compromise
Learn More
Smith & Co Solicitors, a legal practice based in Ipswich, United Kingdom, reported a data breach on March 19, 2024. The incident involved unauthorized access to the firm's email infrastructure, which attackers used to intercept client communications and solicit fraudulent payments.
Investigators believe the original breach occurred on March 12, 2024, after clients began reporting suspicious email exchanges that appeared to originate from the firm's staff.
Once attackers controlled the accounts, they monitored active threads and created look-alike email addresses to impersonate solicitors. This allowed them to trick at least one client into sending an undisclosed sum of money to a bank account under their control.
The compromised data includes:
- Client email addresses
- Sensitive personal data contained within email bodies and attachments
- Financial transaction details and payment instructions
The breach impacted approximately 25% of the firm's client base, which equates to over 500 individuals. The firm confirmed that one individual lost money due to the fraud.
After detecting the incident, Smith & Co Solicitors isolated the affected systems and began notifying all 2,000 clients via telephone and email. The firm reported the matter to the Information Commissioner's Office (ICO) and Action Fraud. Managing partner Vicky Hosking stated that the firm is working with technicians to secure the environment and prevent further unauthorized access to sensitive client files.
