This comes after the listed firm halted trading on the ASX on Tuesday, 14 March, after detecting unauthorised access to a portion of its IT environment on Monday (13 March).

The cyber attack was on two of the intellectual property law group’s member firms: Spruson & Ferguson (Australia) and Griffith Hack. 

The breach is, according to IPH, primarily related to the document management systems (DMS) of the IPH head office, plus the practice management systems (PMS) of both Spruson & Ferguson (Australia) and Griffith Hack. Upon becoming aware of the incident, IPH immediately isolated these compromised systems and removed them from its network.

“IPH advises that it has now established new network infrastructure following a strict restoration process, and key system functionality has now been restored. Under the advice of cyber security experts, security has also been further enhanced, including additional preventative and detective controls to protect the IPH network,” the firm said in a statement.  

“The new systems are now in use by the two affected IPH member firms, and their transition back to normal operating procedures on these new systems is underway. All other IPH member firms continue to operate as normal.”

VIEW ALL

While the investigation will reportedly “take some time”, the firm has notified the Australian Cyber Security Centre (ACSC) and is working with external cyber security and forensic IT advisers to conduct a forensic investigation.

IPH said it is continuing its response to the “extent of and nature of the unauthorised access to the IT environment and data held within it”, in an investigation that is expected to extend over a number of weeks.