Cyber security case study
10 September 2024
A global manufacturing company listed on the London Stock Exchange faced a cyber security incident that involved a ransomware attack and the exfiltration and disclosure of data on the dark web, affecting multiple jurisdictions. The incident required a swift and coordinated response to mitigate the legal, regulatory, and reputational risks arising from it.
We acted as the client's trusted breach, cyber security, and data protection adviser and fully coordinated its cyber response on a global basis, across 22 jurisdictions. The team included data protection, litigation, and corporate governance lawyers, who advised on ransom response, privilege strategy, notification requirements, and liaising with regulators; risk advisory consultants, who project-managed the forensic investigations and recovery and assisted on the production of the post incident report; and Ashurst Advance and Ashurst Risk Advisory, who worked together to analyse the 300,000 exfiltrated documents to determine the extent of personal data affected and the need for notification.
By leveraging our combination of legal advice and consultancy services, the client was able to manage the cyber risk and respond to the breach on a global scale, with a single point of contact and a consistent approach. The client also benefited from our expertise and experience in handling complex and multi-jurisdictional cyber incidents, as well as our ability to provide practical and strategic guidance on the legal and regulatory implications of the incident.
The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
Readers should take legal advice before applying it to specific issues or transactions.