CTS, a U.K.-based provider of managed IT services for law firms and the professional services industry, is experiencing a cybersecurity incident that is causing ongoing widespread disruption across the legal sector.
In a statement on its website, the Cheshire-headquartered CTS confirmed it’s experiencing a “service outage” resulting from an unspecified cyber incident. The company didn’t share any further details about the incident, such as how many of its customers are impacted or whether any sensitive data had been accessed, and hasn’t posted any updates since Friday.
While CTS refuses to share details about the incident, industry publication Today’s Conveyancer said that close to 80 law firms are believed to have been affected so far by the upstream cyberattack, leaving firms unable to access their case files since last Wednesday. Reports on social media say that the incident has also disrupted house sales and purchases across the U.K., forcing customers to deal with unexpected accommodation and storage costs, as well as soon-to-expire mortgage offers.
CTS spokesperson Natalie Kissack declined to answer TechCrunch’s questions when reached for comment on Monday.
Rashana Vigerstaff, a spokesperson for the U.K.’s data protection watchdog, the Information Commissioner’s Office, told TechCrunch that CTS had notified the regulator of the incident. U.K. organizations are obligated to notify the ICO within 72 hours of discovering a data breach of personal information.
Several firms that rely on CTS are reporting ongoing disruption due to the cyberattack.
Law firm Taylor Rose MW said that its “operations are currently impacted” as a result of the CTS cyberattack. “We apologize to our clients for the disruption. We are in close contact with the supplier and are expecting the issue to be resolved in the coming days,” said Ali Jubb, a representative for Taylor Rose MW, in an email to TechCrunch. “In the meantime, we are finding alternative solutions to deal with urgent client matters and keep clients informed.”
O’Neill Patient Solicitors, a law firm that features as a customer case study on CTS’ website, said in its own website notice: “Unfortunately we are experiencing some service disruption, due to an outage which is impacting a number of organisations across the legal sector.”
West Midlands-based Talbots Law said in a notice on its website that it was experiencing difficulties, “due to a technical outage affecting multiple organisations within the legal sector.”
CTS has yet to confirm the nature of the cyber incident or how it was compromised but did not dispute claims by security experts that it may have been breached by hackers exploiting the CitrixBleed vulnerability, which U.S. government officials last week warned was being actively exploited by both nation-state hackers and cybercriminal gangs, including LockBit.
In a post on Mastodon, one security expert linked the breach to an exposed NetScaler appliance belonging to Sprout Technologies, a company that merged with CTS in 2020.
One Taylor Rose customer called Lindsay, who asked us to withhold her surname, told TechCrunch that she has experienced issues with her house sale as a result of the CTS hack. Lindsay said that she should have exchanged on November 22 but hasn’t done so, noting that Taylor Rose has said it is waiting for updates from CTS. Lindsay says her mortgage offer expires on November 30 and fears losing thousands and being unable to move if the process isn’t completed in time.
In its brief website statement, CTS said: “While we are confident that we will be able to restore services, we are unable to give a precise timeline for full restoration.”
Do you work at an organization or law firm affected by the CTS cyberattack? You can contact Carly Page securely on Signal at +441536 853968 or by email. You can also contact TechCrunch via SecureDrop.