@ Wahl
2023-09-11 12:09:08
There has been a ransomware attack on BRAK's Brussels office. About 160 GB of data was lost.
This is reported by Beck.de, among others.
"After several renowned law firms such as DLA Piper, CMS Hasche Sigle and Kapellmann, the Federal Bar Association (BRAK) has now also been hit. There was a ransomware attack on the Brussels office, which is supposed to represent the German legal profession at the European institutions.
According to BRAK's managing director responsible for data protection, Sebastian Aurich, a server operated there was attacked, the "systems" of which had been encrypted. Aurich said on request that data had also been leaked. The NJW has received an email from the German Lawyers' Association, which informed local lawyers' associations with reference to a communication from the BRAK. According to this announcement from BRAK, there are said to be 160 GB of data, and the attackers threatened to publish it. The BRAK cites “contact information or communication histories” as examples of data that may have been leaked."
That is a strange formulation in the article ("whose 'systems' were encrypted. Data was also leaked").
Encrypted data is (also) data.
If encrypted data was stolen (and otherwise there could have been no extortion), the metadata issue still remains. Metadata is also very valuable because it can be sensitive.
However, this formulation (https://datenbank.nwb.de/Dokument/1023448/) sounds different: "Whether and to what extent data from people in contact with the Brussels office - such as contact information or communication histories - was leaked is still being determined. As a precaution, the BRAK assumes that such data has also been leaked."
The results of the "forensic analysis of the IT systems" cannot be found on the internet so far (09/11/2023). The transparency requirement at least makes it conceivable that the interested and possibly affected reader will soon find out more here.
Why can this be of interest to the legal profession? Because a basic uneasiness remains, and in any case increased caution and self-restraint seem advisable.
The Federal Chamber of Notaries is currently upgrading digitally and more and more online procedures are becoming possible (we have pointed this out in the blog).
However, all of these new possibilities are linked to the fact that vast amounts of data, some of which are highly sensitive, accumulate at a central point (of failure). And this central point is an extremely attractive target (honeypot) for global hackers.
Even if it "only" hit the BRAK (and not the Federal Chamber of Notaries), 160 GB of data is a serious incident. And there is so incredibly little reporting and information about it, including from the RA Chamber to us lawyers. The impression arises that as little as possible should be reported so that "no unrest" arises in the legal profession.