
Qld law firm listed by hacking group

Hackers claim to have stolen more than 400 gigabytes of information from Queensland-based law firm Kelly Legal, with HR files allegedly compromised, following an October “hacking incident”.

November 19, 2025 By David Hollingworth

Editor’s note: This story first appeared on Lawyers Weekly’s sister brand, Cyber Daily.

The INC Ransom ransomware group has listed Queensland-based legal services firm Kelly Legal as a victim on its darknet leak site.


The hackers made the claim in a 13 November leak post, describing the business, its size, and its estimated revenue.

In an update posted to the site moments later, INC Ransom claimed to have exfiltrated more than 447 gigabytes of data, including contracts, financial and customer data, and human resources information.

INC Ransom has said it will publish the data later this month. Cyber Daily reached out to Kelly Legal for comment but has yet to receive a response.

Kelly Legal has offices in Brisbane and Mackay and offers legal services to both individuals and businesses. It offers services covering family law, real estate, workplace, and disputes and litigation. The company was formed in 2004 and also operates the Property Law Centre.

The firm disclosed via its Facebook page on 10 October that it had been experiencing an “IT & phone system blackout” and confirmed later that day that it had fallen victim to a “hacking incident”.

“Please be advised that due to an overnight hacking incident, Kelly Legal requests all clients and others to verify bank account details by phone before acting on any requests for funds,” Kelly Legal said.

“While our phones remain down, please use temporary phone number 0418882817. Thanks for your understanding.”

It is unclear if this disclosure refers to INC Ransom’s claimed ransomware attack.

INC Ransom was first observed in August 2023 and has been quite busy since, claiming at least 546 victims. That is a sharp increase from the middle of October, when Cyber Daily last wrote about the group and its victim count was 499. The last Australian victim was the landscaping firm Benedict, which the hackers listed on 9 October.

The gang is known for using spear phishing to gain initial access and double-extortion techniques to pressure its victims. INC Ransom both encrypts the data it steals and threatens to publish that data online if a ransom payment is not received.

The group mostly targets entities in Europe and North America, but it has also targeted a significant number of Australian organisations. Arguably, its most impactful local hack involved a Sydney-based medical imaging firm, Spectrum Medical Imaging.

Spectrum was first listed by INC Ransom in January 2025. A month later, Spectrum began contacting patients, warning that their medical data may have been compromised.

“Spectrum Medical Imaging recently experienced a cyber security incident. A third party gained access to some of our IT systems and certain patient records,” Spectrum told its patients at the time.

“Unfortunately, some of your data has been accessed and copied. This could include name, DOB, contact details, and some health information.”