Powered by
MOMENTUM
MEDIA
Threat actors have claimed a cyber attack on Queensland boutique law firm RTB Legal, having allegedly exfiltrated company data, court documents, and more.
Editor’s note: This article originally appeared on Lawyers Weekly’s sister brand, Cyber Daily.
SafePay ransomware has listed Ruddy Tomlins and Baxter (RTB Legal) on its dark web leak site, allegedly having stolen 200 gigabytes of data.
Established in 1925, RTB Legal is a North Queensland-based law firm, with locations in Ayr and Bowen.
While SafePay did not provide any details of the breach in the listing, as is standard for the threat group, it posted a sample that contains a file tree of what it claims to be the exfiltrated data.
Data within allegedly includes court documents, specific case documents, client data, emails, permits, names of clients, statements, police documents, wills and more.
SafePay did not list a ransom request but said it would publish the allegedly stolen data in just under four days at the time of writing (28 May).
Responding to Cyber Daily’s request for commentary, RTB Legal said it was aware of the claims and is currently investigating the incident.
“Ruddy, Tomlins & Baxter is currently investigating a cyber incident as well as online claims by an unknown third party involving the unauthorised access to some of our information,” the company said.
“We wish to assure our clients and staff that we have implemented our incident response plan, allocated resources to investigate this as a priority, and stood up sophisticated monitoring systems to ensure we are aware of any further developments should they arise.
“Should our investigations identify that any personal information has been impacted because of the incident, we will notify them in accordance with our obligations.”
The company said it has also engaged the Office of the Australian Information Commissioner (OAIC) and the Australian Cyber Security Centre (ACSC).
“We understand that this news may be concerning, and we thank our stakeholders for their understanding and support,” it added.
The incident closely follows a cyber attack on Sydney law firm Brydens Lawyers after the firm’s principal, Lee Hagipantelis, revealed that unauthorised users had accessed data on its systems.
“Brydens Lawyers experienced a cyber incident in late February 2025, which resulted in unauthorised access to some data on its servers,” the statement said.
The Sydney Morning Herald claimed that the threat actor was a foreign actor who had exfiltrated 600 gigabytes of data and was attempting to hold Brydens to ransom. However, no threat actor has taken responsibility for the cyber attack.
Responding to the incident, Brydens obtained an interim injunction from the Supreme Court of NSW on 14 March to “restrain dissemination of the impacted confidential information”.
“This injunction also has the consequence that any third party who, knowing of the orders against the threat actor, does anything which facilitates, assists or permits a breach of the orders, or which undermines their effect, may be in contempt and be exposed to penalties, potentially including imprisonment,” Hagipantelis said.
“These steps are being taken by Brydens Lawyers to protect the interests of its clients, employees, and other impacted parties.”
Login
