Langley Twigg Law Hit by Anubis Ransomware Attack, Client and Employee Data Exposed
A New Zealand-based law firm, Langley Twigg Law in Napier, is investigating a cybersecurity breach after the Anubis ransomware group claimed responsibility for a malicious attack that compromised a portion of its data. The incident was first detected on 11 January 2026, when the firm’s security monitoring software flagged unauthorized activity on its network.
In response, Langley Twigg disconnected its systems from the internet and engaged IT support and digital forensics experts to contain the breach. While the firm had cybersecurity protections in place, the attack employed a novel method, allowing threat actors to access and exfiltrate data before systems were restored from backups. The compromised data includes internal operational documents and client files, though the full extent remains under investigation.
The firm has notified New Zealand’s Office of the Privacy Commissioner and the police, and is working with cyber incident response specialists to identify affected individuals. Once the review is complete, Langley Twigg plans to contact impacted clients directly.
On 25 January 2026, Anubis posted details of the attack on its darknet leak site, claiming to have stolen financial records, employee compensation data, passport scans, and client documents, including property transaction records and settlement statements. The leaked materials appear legitimate, with some files bearing the firm’s letterhead. Anubis also published passport details of employees and clients, escalating the risk of identity theft and regulatory exposure.
Anubis, a Russian-speaking ransomware-as-a-service (RaaS) group, emerged in February 2025 and has since targeted 46 organizations worldwide. Known for detailed leak posts, the group pressures victims by exposing sensitive data and threatening regulatory consequences. Its tactics include posing as journalists to further coerce targets. Langley Twigg is the latest in a string of ANZ region victims, following a December 2025 attack on Queensland’s Laidley Family Doctors.
Langley Twigg Law cybersecurity rating report: https://www.rankiteo.com/company/langley-twigg-law
"id": "LAN1769547450",
"linkid": "langley-twigg-law",
"type": "Ransomware",
"date": "2/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Clients and employees',
'industry': 'Legal services',
'location': 'Napier, New Zealand',
'name': 'Langley Twigg Law',
'type': 'Law firm'}],
'customer_advisories': 'Planned direct contact with impacted clients',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Passport details, '
'client and employee '
'data',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Financial records',
'Employee compensation data',
'Passport scans',
'Client documents',
'Property transaction records',
'Settlement statements']},
'date_detected': '2026-01-11',
'date_publicly_disclosed': '2026-01-25',
'description': 'A New Zealand-based law firm, Langley Twigg Law in Napier, is '
'investigating a cybersecurity breach after the Anubis '
'ransomware group claimed responsibility for a malicious '
'attack that compromised a portion of its data. The incident '
'involved unauthorized access, data exfiltration, and the '
'exposure of internal operational documents, client files, '
'financial records, employee compensation data, passport '
'scans, and property transaction records.',
'impact': {'brand_reputation_impact': 'Likely significant',
'data_compromised': 'Internal operational documents, client files, '
'financial records, employee compensation '
'data, passport scans, property transaction '
'records, settlement statements',
'identity_theft_risk': 'High (passport details exposed)',
'legal_liabilities': 'Possible regulatory exposure',
'operational_impact': 'Systems disconnected from the internet, '
'operational disruption'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain, data extortion',
'post_incident_analysis': {'root_causes': 'Novel attack method bypassing '
'existing cybersecurity '
'protections'},
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Anubis'},
'references': [{'date_accessed': '2026-01-25',
'source': 'Anubis darknet leak site'}],
'regulatory_compliance': {'regulatory_notifications': 'New Zealand’s Office '
'of the Privacy '
'Commissioner'},
'response': {'communication_strategy': 'Notified Privacy Commissioner, '
'planned direct contact with impacted '
'clients',
'containment_measures': 'Disconnected systems from the internet, '
'restored from backups',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes (New Zealand police)',
'recovery_measures': 'Systems restored from backups',
'third_party_assistance': 'IT support and digital forensics '
'experts'},
'threat_actor': 'Anubis ransomware group',
'title': 'Langley Twigg Law Hit by Anubis Ransomware Attack, Client and '
'Employee Data Exposed',
'type': 'Ransomware',
'vulnerability_exploited': 'Novel method'}