Brydens Lawyers

Summary

Prominent Sydney law firm Brydens Lawyers suffered a serious cyber incident in late February 2025, resulting in unauthorised access to approximately 600 gigabytes of case, client, and staff data. A foreign threat actor subsequently attempted to extort the firm, prompting Brydens to obtain an injunction restraining any dissemination or publication of the exposed data.

What Happened

In late February 2025, Brydens Lawyers detected unauthorised access to its servers. The intrusion resulted in the compromise of 600 gigabytes of data, including case files, client information, and staff records. A foreign threat actor began extortion attempts following the breach. The firm's principal, Lee Hagipantelis, confirmed the incident and stated that IT systems had been restored whilst an investigation was underway.

Impact on Individuals

The breach exposed sensitive legal and personal information belonging to clients and staff of Brydens Lawyers. The firm provides legal services across multiple practice areas including motor vehicle accidents, injuries in public places, medical negligence, workers' compensation, and family law, with six offices across New South Wales in Liverpool, Sydney CBD, Adamstown, Ballina, Bankstown, and Broken Hill.

Organisational Response

Brydens Lawyers notified both the Australian Cyber Security Centre and the Office of the Australian Information Commissioner about the incident. The firm obtained a legal injunction to prevent dissemination or publication of the compromised data and restored its IT systems. At the time of disclosure, no ransomware group or threat actor had publicly claimed responsibility for the attack.

Legal Action

Brydens obtained an injunction to restrain any dissemination or publication of data exposed during the cyber incident, taking legal action to protect client and staff information.