The listed firm reports the London Stock Exchange through a filing amidst looming fines under GDPR rules
UK-based law firm Gateley has reported that it has suffered a cyberattack through a filing to the London Stock Exchange where it is listed.
The firm has informed that only a small portion of its data, amounting to only around 0.2 per cent of its data got exposed in the cyberattack while asserting that it has been able to trace the hackers who attacked its system.
Gateley is facing a looming penalty for the cybersecurity incident since, under the GDPR rules, companies are liable to face hefty financial penalties for data breaches can be as much as €20 million or four per cent of annual global turnover, whichever is greater.
The firm said in the filing that its IT team was able to quickly identify the attack and acted immediately to secure the firm's systems.
"IT security is of paramount importance to Gateley and we had carefully planned for the occurrence of risk that a cyber breach could have on the business. Incidents of this nature are, sadly, prevalent. I am grateful that the prompt actions of our IT team have limited the impact of this incident and enabled us to resume our business operations swiftly," Gateley's CEO Rod Waldie said.
The firm has said that while its investigation into the breach will continue, but initial findings suggest the incident was confined to 'a very small part' of its data store.
"The impacted data was traced quickly and deleted from the location to which it had been downloaded and there is no evidence currently to suggest that this data has been further disseminated," Gateley said in the stock exchange filing.
Gateley said that the data exposed included some client data and that those clients will be notified once the firm's investigations have progressed further.
According to Waldie, the firm is restoring all its systems in a safe and secure manner and as quickly as possible. He added that Gateley does not expect at this stage any significant disruption to the firm's day-to-day activities or its financial performance.
According to a Linklater research report, GDPR-related data breach incidents have witnessed a surge by two-thirds in the previous year. Estimates suggest that almost €294 million has so far been handed over in GDPR fines since 2018, the largest fine to date – €50 million – was imposed by French regulators on Google in 2019.