Cyber Security Incident - Client FAQs 2 February 2026 Q: Has my personal information been stolen? A: The investigation to date has confirmed that some client data was copied from our file server, but we are still working to determine exactly what information was accessed. This process requires working intensively with digital forensics and cyber incident response specialists to identify what information was copied from the file server, and it may take several weeks to complete thoroughly. Once complete, we will have an accurate understanding of who and what is affected. If we confirm that your specific information was accessed, we will notify you directly, in accordance with Privacy Act requirements. Q: Why did you take several weeks to tell me about this? A: Please be assured that we took immediate steps to contain the cyber breach issue as soon as our security monitoring software alerted us to unauthorised activity. The time taken to email clients about the security incident and place notification on our website reflected the need to establish the facts and provide clients with accurate information about what happened. We are working intensively with relevant authorities and independent cyber security experts to investigate the issue and will commence notifying affected clients, in accordance with Privacy Act requirements, as soon as this investigation has been completed. Q: Why haven't I received an email from you? A: This may be because you are not on our database as a client or that we have no or incorrect email details for you. Please contact us so we can check. Q: Should I be worried about fraud or identity theft? A: It's natural to be concerned and, as a precaution, please be extra vigilant and keep an especially keen eye on transactions in your bank account and credit cards. Stay alert for correspondence which seems suspicious or out of place, particularly if that correspondence seeks payment of some kind. If you are making a payment to us, we recommend you verify our bank account details over the phone by phoning one of our staff. You can find more details about prominent scams and how to keep yourself safe online on the National Cyber Security Centre’s “Own Your Online” website: Own your online . If our investigation determines that information requiring specific protective measures was accessed, we will contact you directly with tailored guidance. Q: Are emails from Langley Twigg secure? A: Our email system was not impacted by the incident and it is safe to keep corresponding with Langley Twigg via email. However, if you receive any correspondence about your matter that seems unusual, suspicious or requests urgent payment, please contact us by phoning your usual contact or on our published numbers. If you are due to make any payment to us, please verify any bank account details by phoning us directly before making payments. Do not rely solely on emailed payment instructions. Q: I have an active matter with you. Is it safe to proceed? A: Yes. Our systems were restored using sanitised backup copies and measures were taken to further bolster security before restoration. There is no further unauthorised activity, and we have full confidence our containment efforts have been successful. Our systems are operational, secure and we are accelerating our planned migration to enhanced cloud-based security infrastructure. However, we do recommend extra vigilance, particularly if your matter involves financial transactions. Please verify any bank account details by phoning us directly on our published numbers before making payments. Do not rely solely on emailed payment instructions. If you receive any correspondence about your matter that seems unusual or requests urgent payment, please contact us to verify it. You can find more details about prominent scams and how to keep yourself safe online on the National Cyber Security Centre’s “Own Your Online” website: Own your online If our investigation determines that information requiring specific protective measures was accessed, we will contact you directly with tailored guidance. Q: How did this happen, given that law firms are expected to have good security? A: Unfortunately, cyber-attacks are affecting organisations across all sectors, including law firms, healthcare providers, and government agencies. The cyber threat landscape is constantly changing and evolving, and our network was targeted by a sophisticated malicious attack using a new strain of malware that was not recognised by anti-virus programmes at the time. Our security monitoring did detect the attack quickly, however, which allowed us to take swift containment action. We deeply regret this incident and have taken steps to further bolster our security, including accelerating our migration to enhanced cloud-based infrastructure. Q: When will you know the full extent of what was taken? A: We are working intensively with digital forensics and cyber incident response specialists, and it may take several weeks to complete the investigation to determine exactly what information was accessed. We will provide regular updates as our investigation progresses and, in accordance with Privacy Act requirements, will contact affected clients as soon as we can confirm specific impacts. Q: What are you doing to prevent this happening again? A: We restored our systems from sanitised backup copies and took measures to further bolster security before bringing them back online. There is no further unauthorised activity, and we have full confidence our containment efforts have been successful. We continue to work with our IT provider and digital forensics experts, to further improve our security posture and have implemented additional hardening and monitoring measures accordingly. We were already in the process of moving to a cloud-based document management system, and we are now accelerating our planned migration to enhanced cloud-based security infrastructure, which will reduce the risk of any future incidents. Q: Is my information secure going forward? A: We understand this incident has been concerning, and we deeply regret it has happened. Our network was targeted by a sophisticated malicious attack using a new strain of malware that was not recognised by anti-virus programmes at the time. The security of client information is our highest priority and we have been transparent about what happened. We responded quickly when the attack was detected, and have further bolstered our security. We are also accelerating our migration to enhanced cloud-based infrastructure. We value your trust and are committed to maintaining it. If you would like to discuss this further, your usual Langley Twigg contact is available, or you can email enquiries@langleytwigg.co.nz. Q: What should I do right now? A: We recommend you: • Be extra vigilant and monitor your bank accounts and credit cards closely • Stay alert for correspondence that seems suspicious or requests payment • If making a payment to us, verify our bank account details by phoning one of our staff • Visit the National Cyber Security Centre's Own Your Online website for more guidance: https://ownyouronline.govt.nz • Contact us immediately if you notice anything suspicious related to your legal matter If our investigation determines that your specific information was accessed, we will contact you directly with more detailed guidance.

Langley Twigg Law has suffered a cyber attack. We have forensic cyber experts investigating it currently and will provide further information as it becomes available.

Learn how to identify and protect yourself from common email scams, including phishing and imposter fraud. Essential tips for individuals and businesses in NZ.

Need legal advice or services in Hawke's Bay? Discover why a local lawyer in Napier or Hastings understands property, business law, and conveyancing best. We provide comprehensive legal services throughout New Zealand.

Discover what happens to your estate if you die without a will, known as dying intestate. Learn about the basic order of priority for asset distribution and why having a will matters.

If you recently applied for building consent, your local Council might have flagged your property as at risk to a Natural Disaster. Find out more about what that might mean for your property title in this article by one our our legal experts.

Langley Twigg has moved it's Hastings legal offices into the centre of Havelock North. Visit us at the corner of Donnelly Street and Karanema Drive.

Today the New Zealand government announced a housing package aimed at helping first home buyers and improving housing affordability. We take a look at what changes have been proposed.

Our property lawyers take a look at the government's scheme to assist with the resolution commercial rent disputes.