A major offshore law firm admitted it had been hacked on Tuesday, prompting fears of a Panama Papers-style exposé into the tax affairs of the super rich.
Jersey-based Appleby only admitted it had suffered the breach – which actually happened last year – after a group of journos from the International Consortium of Investigative Journalists (ICIJ), who had seen the leaked information, began asking awkward questions.
In a statement, Appleby denied allegations of any tax evasions or other wrongdoing by itself or its clients while admitting that it was “not infallible”. The law firm went on to state that it had shored up its security since the hack.
We are committed to protecting our clients’ data and we have reviewed our cyber security and data access arrangements following a data security incident last year which involved some of our data being compromised. These arrangements were reviewed and tested by a leading IT Forensics team and we are confident that our data integrity is secure.
The Daily Telegraph reports that the leak involved some of Britain’s wealthiest people, who were said to be consulting lawyers and public relations executives in preparations for possible fallout from the hack.
News of the breach at Appleby follows nearly 18 months after the release of the so-called Panama papers, which provoked huge embarrassment (and worse) for wealthy figures in politics and business as well as spawning a debate about the ethics of tax havens.
Iceland's prime minister Sigmundur Gunnlaugsson resigned after documents leaked from the Panama Papers revealed politically embarrassing details of his family's tax arrangements.
Pakistani prime minister Nawaz Sharif was removed from office as a result of revelations about his family finances that came out from the Panama paper leak.
Data exposed in the breach has been analysed by the ICIJ, the same group that investigated the Panama papers breach, which stemmed from a leak of sensitive information from Panama-based law firm Mossack Fonseca. Poor security allowed the compromise of Mossack Fonseca’s email server. The firm had apparently routinely used unencrypted email for sensitive communications. Around 11.5 million documents related to 200,000 plus offshore firms spilled as a result of the 2015 breach (which was revealed in 2016).
Unpatched WordPress and Drupal bugs as well as a SQL Injection flaw in its content management system were subsequently identified on Mossack Fonseca's systems, though whether any of these actually resulted in the 2015 breach is unclear.
Appleby – which employs 470 staffers and operates from 10 offices across the world – states that it offers services to global public and private companies, financial institutions as well as "high net worth individuals". Media reports suggests its clients include FTSE 100 companies. ®