Law Firm DLA Piper Reels Under Cyber Attack, Fate of Files Unclear
A prominent global law firm, which has touted its expertise on cybersecurity, is still struggling to recover from vicious computer attacks unleashed on Tuesday by hackers.
As of Thursday, it appears DLA Piper has yet to fully resume basic operations, including email, or to publicly confirm whether the firm’s documents or those of its clients were destroyed in the attack.
As experts make sense of the attacks, which also hit major companies, it’s becoming clear the so-called malware in question is more destructive than first reported.
Early reports described the attacks as “ransomware,” which involves crooks holding files hostage for a fee, but the emerging consensus is that they are actually “wiper-ware,” whose purpose is to destroy files altogether.
Get Data Sheet, Fortune’s daily technology newsletter.
The firm initially declined to answer questions about whether files had been destroyed but on Thursday afternoon a spokesperson provided the following statement:
“We have seen no evidence that client data was taken or that there was a breach of confidentiality of that data. To our knowledge no interest of any client has been prejudiced as a result of this incident. We are in the process of bringing our systems back online,” said DLA Piper spokesperson John Lovallo.
Lovallo did not elaborate as to whether any data had been wiped in the attack. A statement posted on the firm’s website says its IT team “acted quickly to prevent the spread of the suspected malware” and is working with forensic experts and law enforcement agencies in the U.S. and Britain.
The spokesperson also did comment on how the attacks affected its client portal (portals are a secure way for law firms and clients use to share messages and documents).
For DLA Piper, its nightmare began on Tuesday and led the firm to shut down digital operations in offices around the world. Shortly after, a Politico reporter posted this photo taken in Washington, D.C.:
Since Tuesday, the DLA Piper has been relying on alternate technology—text messages—to communicate with its work force. While the firm’s lawyers are reportedly under strict instructions not to speak with the press, a reporter from Law360 gleaned the following information:
With the phones and email systems down, attorneys and other staffers conducted business Tuesday via cell phone.
Employees were notified Wednesday morning via the same firm text alert system that the offices were open, phones were operational and that email would be restored potentially within hours. But as of Wednesday evening, the firm’s email system was still not up and running.
The firm texted employees Wednesday evening to acknowledge that progress was slower than ideal, but that the document management and email systems were expected to be fully functioning by Thursday morning.
The upheaval at DLA Piper is similar to what is going on at global shipping giant Maersk, which also got struck by the malware, and is reverting to 1990s technology to manage its fleet and port operations.
But for DLA Piper, the cyber disaster is likely to be especially stressful given how documents are the life of a law firm’s operations, and that its attorneys operate on a constant series of deadlines. As American Lawyer observed:
Consider litigators unable to access motions on a deadline. Trial lawyers preparing for arguments without key documents. Transactional lawyers unable to communicate with clients attempting to close multibillion-dollar deals.
And of course, anxious and possibly angry clients.
A final source of pain for the firm came in the form of an article Above-the-Law, a popular muck-raking blog. The article points out how DLA Piper, on the heels of last month’s WannaCry attacks, widely touted its cyber-security expertise and even set up a 24-7 Rapid Response line—leading Above the Law to dryly observe the firm should call its own hotline.
On July 7th, the American Lawyer further reported the firm is still struggling to recover from the attack, and that the fallout could cost “millions.”
DLA Piper is hardly the only firm to be the victim of a cyber-attack. But given the severity of this week’s attacks, the incident will likely be remembered as a cautionary tale for law firms for years to come.
This story was updated at 6pm ET to include the further statements from DLA Piper and on July 8 with details of the potential cost.