Lawyers, Judges, and a Bloody SharePoint Backup: When Legal Privilege Meets Cyber Incompetence
It is 2025. Legal privilege is supposed to be sacrosanct. Bank account details, matter summaries, passport numbers, all held with care, behind fortified digital vaults.
Except they were not.
In Australia this week, Lawcover, the indemnity insurer for thousands of lawyers, admitted they had been breached. Not last night. Not last week. In early April. And they are only just now coming clean.
Let that sink in: over six weeks of radio silence while the personal and financial data of judges, barristers, and lawyers was possibly being pored over, indexed, and sold to the highest bidder on some Telegram thread.
And the worst part?
It was not even a system breach. It was a backup. A bloody SharePoint backup.
The Smoking Gun: SharePoint, That Digital Filing Cabinet from Hell
Let us be clear: SharePoint is not inherently evil. But the way most organisations use it? Oh, it is a GDPR minefield in a trench coat.
According to Lawcover's own statement, the breach affected a file stored in SharePoint. A backup file. Unencrypted. Lying there like a slab of wagyu on a tiger's doorstep.
The file in question, as they euphemistically put it, "may have contained bank account details, passport numbers, driver's licence numbers, phone numbers, and home addresses". And if that was not enough, it also included matter summaries.
That is right. The actual guts of confidential legal claims.
So not only do criminals potentially know who is suing whom, they may also know why, for how much, and what dodgy skeletons are lurking in the courtroom closet.
Legal Data Is Gold, and They Left the Vault Door Open
Let us talk about why this is so utterly inexcusable.
Legal data is one of the most sensitive categories of information that can exist outside a hospital. It involves:
High net-worth individuals
Sensitive corporate disputes
Government whistleblowers
Divorce settlements
Criminal appeals
Now imagine you are a cybercriminal. Or worse, a hostile state actor. You stumble across this SharePoint file.
You have just hit the jackpot.
No zero-day. No malware. No lateral movement. Just a gift-wrapped archive of Australia's judicial class, right there for the taking.
Whose Fault Is This? Spoiler: Not Just Lawcover's
We could spend hours dunking on Lawcover, and we will, but this rot runs deeper.
Legal Sector Cybersecurity Is a Shambles
Law firms, even the big ones, often treat IT like a cost centre. "What is the minimum we can do to pass compliance this year?" they ask, while using Windows Server 2012 and calling it "mature".
And insurers? Even worse. They have weaponised actuarial tables to justify decades of underinvestment in their own defences.
Let us not forget: Lawcover is an indemnity insurer. They exist solely to protect lawyers from claims when they mess up. And now they have messed up so badly they might have to indemnify themselves.
Data Retention: Why Is This Still a Problem in 2025?
What in the holy hell was a five-year-old backup doing in SharePoint?
Let us play a fun game: open your company’s document management system. Search for the word "Final_Backup_Copy". Now scream into a cushion.
The legal sector has a serious hoarding problem. Outdated claims, draft versions, and entire email threads live forever on unpatched servers and badly secured cloud folders.
If you do not have a data retention policy that enforces automatic deletion, you do not have security, you have a ticking time bomb.
Let Us Not Forget the Supply Chain
Here is the kicker: Lawcover does not operate in a vacuum. Every solicitor they insure plugs into a broader legal ecosystem: courts, regulators, law firms, barristers, expert witnesses, IT providers.
This is a textbook supply chain compromise.
Once attackers had access to Lawcover’s data, they had potential paths into:
Connected law firm email accounts (through phishing)
Case tracking systems
Client databases
Government portals
And you better believe some solicitor somewhere is using the same password for their legal software and their Gmail.
The Business Impact? It Is Only Just Beginning
Here is what is likely to happen next:
Reputational Carnage: Clients will ask their solicitors: "Are you insured through Lawcover?" And if the answer is yes, trust is gone.
Blackmail: If any of the stolen matter summaries involve criminal cases, whistleblowers, or divorces, then blackmail becomes not just possible, but probable.
Courtroom Chaos: Imagine being a judge, realising your personal and financial data is now floating around the dark web, and then trying to adjudicate a case involving cybercrime.
Regulatory Wrath: The Australian OAIC will come down hard. And if similar incidents occur in the UK (spoiler: they will), the ICO might actually get out of bed and fine someone properly.
Let Us Translate This for the UK Crowd
You might be thinking: "This happened in Australia. Why should I care?"
Because it is not just Australia. This is every barristers’ chambers, every solicitor’s firm, every court-appointed expert in the UK who is using outdated systems and hoping no one notices.
Here is the uncomfortable truth:
Legal privilege means nothing if your backups are exposed.
Solicitors' indemnity insurers are juicy targets, and most of them are technically asleep at the wheel.
Your supply chain is your attack surface. If your insurer goes down, you go with it.
This is your wake-up call, and you are already late.
What Should Be Happening Right Now (But Probably Is Not)
Let us make this painfully clear:
| Action | Why It Matters |
|---|---|
| Purge old data | If you are storing files older than your compliance requirements, you are not secure, you are stupid. |
| Encrypt backups | It is 2025. If your SharePoint files are not encrypted, you are a walking GDPR violation. |
| Run table-top breach scenarios | Ask yourself: if your insurer or legal counsel got popped, how long until it affects you? |
| Vet your supply chain | If your suppliers are not doing Cyber Essentials Plus or ISO 27001, why are you still using them? |
| Segment everything | One compromised SharePoint site should not expose everything. |
| Mandate breach notification SLAs | Six weeks is a disgrace. Your contracts should demand disclosure in hours, not months. |
This Is Not a One-Off. This Is the Blueprint for Breaches to Come
Let us be brutally honest.
This breach is not some rare unicorn. It is the natural outcome of years of complacency, lazy IT, and "we have always done it this way" nonsense.
Legal firms are soft targets. They:
Sit on mountains of sensitive data
Work with flaky MSPs who bill by the hour
Avoid security audits like they are contagious
Store documents forever
Use software with 20-year-old codebases
And the cherry on top? Their reputations mean they are less likely to report breaches quickly.
Because nothing says "competent legal adviser" like "we just leaked a High Court judge’s bank account details and sat on it for six weeks".
Let Us Talk About SharePoint (Again)
SharePoint is the Wetherspoons of file storage. Everyone uses it, no one really likes it, and the more you drink the Kool-Aid, the worse your decisions become.
Used right, it is fine. Used lazily, it becomes a ransomware welcome mat.
Default sharing settings? Dangerous. Retention policies? Non-existent. Audit logs? Turned off.
If you are a legal practice using SharePoint:
Use Sensitivity Labels
Use Conditional Access
Restrict external sharing
Review access logs weekly
Monitor for strange behaviour (via Defender or a proper SOC)
Or better yet, hire someone who knows what they are doing.
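Two of the items above, restricting external sharing and reviewing access logs weekly, can be turned into a routine check. The script below is an added example, not Lawcover's or Microsoft's own tooling; it assumes the SharePoint Online Management Shell and Exchange Online PowerShell modules are installed, a tenant named "contoso", an account with SharePoint admin and audit-log reader rights, and a constructed filename heuristic for spotting backup-style downloads.

```powershell
# Added example (not from the original post). Two weekly SharePoint Online checks.
$Tenant = 'contoso'   # assumption: replace with your tenant name

# 1. Restrict external sharing: list every site that still allows any external or
#    anonymous sharing. Review before locking down; a site used deliberately for
#    client document exchange may need a controlled setting rather than 'Disabled'.
Connect-SPOService -Url "https://$Tenant-admin.sharepoint.com"
$OpenSites = Get-SPOSite -Limit All |
    Where-Object { $_.SharingCapability -ne 'Disabled' } |
    Select-Object Url, SharingCapability, LastContentModifiedDate
$OpenSites | Format-Table -AutoSize
# To lock a specific site down after review:
#   Set-SPOSite -Identity "https://$Tenant.sharepoint.com/sites/Claims" -SharingCapability Disabled

# 2. Review access logs weekly: pull the last seven days of file downloads from the
#    unified audit log and surface anything that looks like a backup or export.
#    The pattern is a constructed heuristic, not a Microsoft rule; tune it to your naming.
Connect-ExchangeOnline
$BackupPattern = '(?i)backup|\.bak$|\.zip$|\.pst$|export'
$Downloads = Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
    -RecordType SharePointFileOperation -Operations FileDownloaded -ResultSize 5000
$Suspicious = foreach ($Record in $Downloads) {
    $Data = $Record.AuditData | ConvertFrom-Json   # AuditData is a JSON string per event
    if ($Data.SourceFileName -match $BackupPattern) {
        [pscustomobject]@{
            When     = $Record.CreationDate
            User     = $Data.UserId
            ClientIP = $Data.ClientIP
            File     = $Data.ObjectId
        }
    }
}
# Group by user so a single account pulling many archives stands out at the top.
$Suspicious | Group-Object User | Sort-Object Count -Descending |
    Select-Object Name, Count,
        @{ n = 'Files'; e = { ($_.Group.File | Select-Object -Unique) -join '; ' } } |
    Format-Table -AutoSize
```

Run it on a schedule and keep the output; a backup archive that has been downloaded by an account or IP you do not recognise is exactly the signal this breach went six weeks without.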
What Happens Now?
Lawcover will ride this out. They will hire a PR firm, issue vague assurances, and update their FAQ with useless drivel like "We take your privacy seriously".
They might even offer free credit monitoring, the digital equivalent of handing you a mop after messing on your carpet.
But for the rest of us? We need to learn fast.
Because this is coming to a courthouse, firm, or insurer near you, and if you are part of the supply chain, or worse, the end client, you are now in the blast radius.
Final Thoughts: Legal Does Not Mean Secure
Let me be clear: the law sector is not exempt from cyber responsibility. It should be held to a higher standard. If you store unencrypted backups in SharePoint, you do not get to lecture others about compliance.
And if you are a law firm, solicitor, or anyone even vaguely adjacent?
Ask your insurer today: What are your cybersecurity standards? Are your backups encrypted? Do you comply with ISO 27001?
Because if not, you are next.
| Source | Link |
|---|---|
| AFR: Bank details of lawyers and judges at risk in cyberattack | https://www.afr.com/companies/professional-services/bank-details-of-lawyers-judges-at-risk-in-cyberattack-20250528-p5m2z1 |
| Lawcover Official Breach Disclosure | https://www.lawcover.com.au/ |
| Australian OAIC: Data breach reporting | https://www.oaic.gov.au/privacy/data-breaches |
| UK ICO: Cybersecurity guidance for law firms | https://ico.org.uk/for-organisations/law-firms-and-cyber-security/ |