A cyber incident, which was first reported on Wednesday 22nd November, has brought many conveyancing firms, and transactions, to a standstill. Legal sector specialist infrastructure service provider CTS confirmed last week it had been the victim of a “cyber incident” and was working to restore systems “as soon as possible.“
Despite initial reports suggesting up to 200 firms were affected, the actual number of impacted firms is closer to 80 and appears to be affecting different firms in different ways, depending on their reliance on CTS systems. Some firms have reported they don’t have access to emails, phones or case management systems and are unable to exchange or complete. Others, one of whom has spoken to Today’s Conveyancer, have said they have access to emails and phone and are able to provide workarounds to enable some transactions to complete.
The issue was brought to the attention of Today’s Conveyancer by affected home movers who contacted the publication on Wednesday 22nd November to say their exchanges and completions had been postponed. Over the course of the following day, further information became available indicating the extent of the incident which was then confirmed by CTS in the following statement
“We can confirm that we are currently experiencing operational disruption to some of our services. We are working with a global leader in cyber forensics who is investigating the matter. The investigation is at a very early stage but they have confirmed this disruption has been caused by a cyber incident which has impacted a certain portion of our systems. We are in contact with those clients whose services have been disrupted and are keeping them updated as the team works to restore our systems as soon as possible.”
A subsequent update on the CTS website on Friday 24 November gave no further indication of timescales on the full restoration of services, saying
“We are working closely with a leading global cyber forensics firm to help us with an urgent investigation into the incident and to assist us in service restoration.
We continue to work around the clock with the assistance of third-party experts. Whilst we are confident that we will be able to restore services, we are unable to give a precise timeline for full restoration. We will continue to communicate directly with those of our clients which are impacted by the service outage, providing regular updates on the status of our work to restore services and our investigations into the incident.”
No further update has been provided at the time of publishing.
Affected firms have faced the ire of home movers who have taken to social media and commented on Today’s Conveyancer with many frustrated by the lack of communication around the incident. Others shared their frustrations around expiring mortgage offers, chains falling through, costs associated with not completing and the need for temporary accommodation in some cases.
But many have also rallied round embattled conveyancers, recognising they are trying their best in the circumstances. One comment said
“It must be very upsetting for any buyer missing their purchase today but we must remember that anybody hit with a security issue does not do it on purpose, there is no intent to disrupt except on the behalf of the attackers. The conveyancers are at no fault, they are desperately wanting to do whats best for their customers. Lets not blame the firms wanting the best for their customers, remember they are probably spending huge amounts on security experts on trying to resolve the security attack in the first place.”
Another added
“As a conveyancer, IT systems are built to try and detect any possible cyber attacks, but as everyone will know from the countless articles in the news, cyber attacks happens all the time and around the world. Criminals are becoming more and more sophisticated in their approaches and it is sometimes an impossible task to keep up with those. Most firms dealing with finance have attempts on a daily basis which are intercepted…
“The world is now electronic, gone are the days of old school conveyancing face to face with a briefcase of bank notes, but this opens the door to a multitude of situations that can be out of a conveyancers control. Whilst this is of course a stressful situation to buyers and sellers, it is also the same for the conveyancers. We want to get clients moved as quickly as possible. Please be kind and patient – it is not your conveyancers fault”
The incident brings back memories of the issues faced by Simplify 2 years ago, which rendered many of their systems inoperable. Sentiment amongst the conveyancing community at the time was supportive of the issues faced by the company which, it was widely acknowledged, could have happened to anybody.
14 responses
From what I am told, the incident has not yet been resolved. We need to hear from the affected firms and the SRA (CLC if applicable) today with leadership demonstrated.
Meanwhile, hundreds of customers of these law firms are left with no information from law firms who won’t progress with manual exchanges or completions (Taylor rose) as it is ‘against company policy’. I guess we will all just sit patiently in limbo thanks to this lack of mitigation planning
No systems again today and not expected to be later on either.
We were updated earlier on today that CTS are starting to restore desktops and data which to me reads as they are starting to put things back together. Hopefully that means we will have access in the next couple of days although that is pure guesswork on my part.
A cyber attack is not a normal system outage. It is a direct attack on the systems and companies involved so it not only needs fixing, it needs to be very carefully purged and checked to be 100% sure nothing is lingering somewhere and it also needs to be criminally investigated before users are allowed back in.
There is nothing the firms can do about it. You can’t use back ups as you cannot be sure they have not been compromised and the system needs to remain totally off access in any event.
My firm is processing manual completions as best as possible.
Can you explain how you are conveyancing manually – our solicitors have told us they are not permitted to do this due to regulations
It will be a company by company decision.
We are to a degree doing it on trust. We have no accounts information save for anything the conveyancer can find. For example on a purchase the conveyancer will provide the accounts department with numerous financial documents and payments out requests. The accounts department can then look directly at that purchase ledger and see exactly what has come in and cross reference with the information the conveyancer has provided. In this case accounts can’t cross reference except for payments received from Wednesday and the conveyancer can only find whatever they can access via a search of their email system or by asking the clients or solicitors on the other side of a transaction.
With the best will in the world there will be some human error, things will be missed and some payments will be wrong. Even at an error rate of 0.5% you are potentially talking large numbers. Some firms have taken the decision to not do manual completions at all due to risk. Other firms are taking a leap of faith, doing manual completions knowing there will almost certainly be some clearing up needed once the dust settles. I am glad my firm are one of those as it will lessen as far as humanly possible the impact on clients.
I have processed around half a dozen completions since this all started. One was delayed by one day last Wednesday with the agreement of seller and buyer but rest have gone through on the intended day.
Its a scandal. We are still stuck in limbo with whole chain about to collapse.
No update from the IT firm via their website or twitter and our conveyancer no help at all.
I think they are massively downplaying the scale of the hack and breach and that’s why they have been reluctant to say anything for fear of further liability.
This is affecting me. Exchange could be done manually. No advice on if my data is secure. The system is obviously inadequate and security is not in place, so stop referring to cyber security. This is second property sale likely to fail, individuals losing vast amounts of money. Worst thing. Been 4/5 days and no sign of situation being fixed, not acceptable. Professional standards not being met.
As someone else affected by this issue it’s heartbreaking that there’s no response.
I’m another Taylor Rose customer who are point blank refusing to do manual completions. I should have completed on Friday, my mortgage offer expires on Thursday – and due to other circumstances it’s highly unlikely my mortgage offer will be extended and I won’t be able to get another.
I’m a single autistic mum, I have no other help and the mental anguish of trying to get through this with no news what’s so ever it’s devastating and I’ve had more than one autistic meltdown and I’m struggling to cope.
CTS could provide updates but they are refusing to do so – there’s no excuse!!
And whilst, some things do happen that are beyond control – this is not one of them. 2 years ago something similar happened – why were lessons not learned? Especially when it’s the same industry. But on top of that, there’s reports that this is linked to a known weakness in a system that was reported 2 months ago – so why was that not protected???
But regardless of anything else, where on earth is the business continuity plan of the conveyancing firms. Why are customers being left in limbo with no news, no plan B – we’ve just been abandoned – and that is not excuseable
I do find the lack of communication from the firms affected and the SRA disgraceful. I think there is more than meets the eye here and they may well be told not to say a lot by the police etc. but we’ve been through this one with another firm and lessons clearly have not be learnt about communication.
I am desperately sorry for all customers concerned. However there is no plan b for problems like this. One just plain does not exist. Manual completions for me would be a no go unless desperation kicks in I.e. those who have exchanged must be found a way to complete. The risk for the money is just too great. The firms may also be taking advice from their insurance companies who could well say that insurance is void if anything goes wrong.
For me, I would seriously be looking at switching firms if people are that desperate I.e. yet to exchange but mortgage offers are running out. Should a firm have capacity it should be easy to reconstitute the file especially if no mortgage/deposit funds have been paid to the firms affected.
I’m afraid the MSP and the affected law firms will be following strict procedures, as laid down by Cyber Insurance policy. Hence the limited public communications.
As commented above, any restoration of service needs to be delivered upon air-gapped infrastructure to ensure a secure environment. (As best that can be achieved).
It is indeed heartbreaking, the fall-out this creates. But the mire and anger displayed on this board would be better targeted towards the state sponsored threat actors that perpetrate such crimes.
I have been affected by this so called outage since last Wednesday when l was scheduled to exchange and complete.
I’d like to know what my options are. Can l switch firms at this stage? Would any other conveyencer be willing to take my case on knowing all the steps in the search have been done and OK. It would be great if options could be shared. Thanks
As a conveyancer at Taylor Rose I can assure all concerned that all our data and client data is secure. Our management and IT teams are working around the clock to help restore the systems and establishing as many safe and sensible workarounds to enable as many clients as possible to complete. There is no conspiracy, our service provider is the victim here and we are all, conveyancers and clients alike, just trying to do the best we can.
Our exchange/completion was halted 3 days before we were all due to move, because the person at the top of the chain is a client of Taylor Rose. We don’t understand why it isn’t possible to manage financial transactions outwith the electronic system, as was done in the not too distant past. Our lives are on hold, packed away or in storage. I note that Taylor Rose will have a shut-down over Christmas and New Year. Perhaps while they enjoy themselves they will spare a thought for those of us who are unable to enjoy Christmas because of the failure of this company to have a Plan for Continuity of Business in place. OK, so the companies affected aren’t responsible for the cyber attack but, given that events of this kind have happened several times in the last few years they should all have developed contingency plans – as many other RESPONSIBLE organisations have done.
There is no excuse for lack of communication to clients.
If, as noted above cyber attacks are relatively common there should be a contingency plan in place to at least ensure continuity of relations.