Queensland Law Firm Targeted in Cyber Attack: Investigation Underway
Overview of the Incident
A cyber attack has reportedly hit Ruddy Tomlins and Baxter (RTB Legal), a well-known law firm based in Queensland. The group behind this incident, identified as SafePay ransomware, claims to have exfiltrated a substantial amount of sensitive data from the firm, including court documents and private client information.
Details of the Breach
SafePay ransomware has included RTB Legal on its dark web leak site, listing a staggering 200 gigabytes of allegedly stolen data. The firm has been serving clients since 1925, establishing a robust presence in North Queensland through its offices in Ayr and Bowen. RTB Legal offers a wide range of legal services, encompassing property law, family issues, business law, criminal defense, and more, all while emphasizing strong client relationships.
While SafePay did not disclose specifics about the breach in their online listing, they did post a sample file tree that purportedly displays the kind of data stolen. The sample suggests that among the compromised materials are court documents, emails, client identities, and even police records.
What Happens Next?
Although no ransom request has been made public, SafePay threatened to release the stolen information within four days of the attack, raising serious concerns among RTB Legal’s clients and stakeholders. In light of this situation, RTB Legal has been prompt in its response, confirming their awareness of the breach and the ongoing investigation.
“Our firm is currently investigating a cyber incident and the associated claims from an unidentified party regarding unauthorized access to our information,” RTB Legal mentioned in a statement.
Company’s Response
RTB Legal has taken immediate actions to mitigate any potential fallout from the breach. They’ve implemented an incident response plan, engaged specialized resources to prioritize the investigation, and set up advanced monitoring systems. “Should our investigations establish that any personal information has been impacted, we will notify affected individuals in line with our responsibilities,” the firm assured.
Furthermore, RTB Legal has reached out to both the Office of the Australian Information Commissioner (OAIC) and the Australian Cyber Security Centre (ACSC) for guidance and support during this challenging time. The firm recognizes the gravity of the situation and has thanked clients and stakeholders for their understanding as they navigate this complex issue.
A Pattern of Attacks
This cyber breach mirrors a recent incident involving another legal entity, Brydens Lawyers, based in Sydney. Reports indicate that Brydens experienced unauthorized access to its systems and lost 600 gigabytes of data in a similar attack. The firm’s principal, Lee Hagipantelis, confirmed the breach in February 2025 and shared steps taken to secure the firm’s data and protect client interests.
Brydens Lawyers has even sought an interim injunction from the Supreme Court of New South Wales to prevent any distribution of the compromised data. This legal step indicates the seriousness of the breach and serves as a warning to any third parties attempting to aid the dissemination of sensitive information.
The Implications of Cybersecurity Breaches
Cybersecurity breaches have become alarmingly common in recent years, especially for businesses handling sensitive personal information. Law firms, in particular, are attractive targets for cybercriminals due to the nature of their work and the amount of confidential data they manage. The incidents involving RTB Legal and Brydens Lawyers underscore the urgent need for robust cybersecurity measures in the legal industry.
These attacks raise questions about data protection, client confidentiality, and the obligations of firms to ensure the security of their systems. As both RTB Legal and Brydens Lawyers work through their respective challenges, the legal community will likely be watching closely to see how these situations unfold and what measures will be implemented to prevent future breaches.
In a rapidly evolving digital landscape, the emphasis on cybersecurity cannot be overstated. Law firms must continually adapt to new threats and invest in sophisticated technological solutions to safeguard their clients’ information.
