McCullough Robertson has confirmed it recently became aware of the incident appearing to have “allowed the retrieval of a discrete number of email addresses by that third party”.
“As a leading independent Australian law firm, McCullough Robertson takes the protection of data very seriously,” the statement from the firm said.
“As soon as we became aware of this incident, we took immediate steps to determine its scope and ensure our wider IT environment was secure. Since this time, we have been working closely with cyber security consultants to fully investigate the circumstances of the incident.
“McCullough Robertson is committed to the privacy and security of any personal data. All impacted individuals have been contacted.”
Commenting further on the measures being taken, Kim Trajer, McCullough Robertson chief operating officer, said: “We are deeply concerned by any breach of our IT security and wish to apologise for the impact on those affected.
“We are doing everything we can to ensure the ongoing security of our systems, preventing any serious incidents occurring in the future.
“We are working through mandatory reporting requirements in relation to the email account compromise, including notification to relevant regulators.”