Security Incident Notification
Last updated: 16th April 2026
In March 2026, we experienced a security incident involving unauthorised access to some of our systems. We took immediate action and have now completed a full forensic investigation.
What happened
On 4 March 2026, an unauthorised third party gained access to one of our email accounts through a sophisticated phishing attack. On 12 March, two clients independently reported suspicious contact, which led us to discover the breach. We immediately investigated, shut down the compromised account the same day, and engaged specialist forensic investigators. We also reported the matter to the Information Commissioner's Office, the Solicitors Regulation Authority, and the police.
Investigation findings
The forensic investigation has confirmed that 273 people's data were accessed on 4 March and 12 March 2026. There is no evidence that any data was downloaded or copied from our systems.
The accessed emails contained enquiry data for residential conveyancing and wills matters, including contact details and, in some cases, dates of birth and National Insurance numbers. In 2 instances, copies of identification documents were also accessed.
What was NOT affected
- Our main case management system
- Client account systems and financial controls
- Active case files and transaction data
- Any client funds
Regulatory status
Both the Information Commissioner's Office and the Solicitors Regulation Authority have regarded this as sufficiently low risk that they have both closed their files with no further concern or action.
Action taken
We have implemented comprehensive security enhancements including:
- Forced password and multi-factor authentication resets across the entire firm, with increased frequency of authentication
- Full system review by forensic IT specialists
- Implementation of all additional security measures recommended by forensic specialists
Client notification
We have directly contacted all individuals whose data was in the accessed emails. If you have not received a notification from us, your data was not affected.
Fraud vigilance
Four individuals received fraudulent attempts to divert funds during their transactions. All four identified the fraud quickly, and no money was lost. In fact, it was these client reports that led us to discover the breach.
We strongly advise all clients to:
- Verify any unexpected requests for money by calling the person handling your matter or 01267 239481
- Never use contact details provided in a suspicious email
- Be particularly alert if purchasing or transferring property
This approach works; our clients' vigilance stopped all fraud attempts and led to the discovery of this breach.
Questions?
If you have any concerns or questions, please contact:
- Incident Response Team
- Phone: 01452 508807
- Email: incidentresponse@redkitelaw.co.uk
Update: 12th March 2026
What happened
On 12 March 2026, Redkite Solicitors experienced a cyber security incident. We discovered unauthorised access to some systems following a targeted phishing attack and took immediate precautionary action.
What we did immediately
Within hours, we:
- Shut down the affected account
- Engaged specialist cyber forensic investigators
- Forced password and multi-factor authentication resets across the entire firm
- Implemented additional security measures
- Had the impersonating domain taken down and suspended
- Purchased similar domain names to prevent further misuse
- Reported the matter to the Information Commissioner's Office, police, and Solicitors Regulation Authority
Who is affected
The incident affected enquiry data for residential conveyancing and wills matters, including contact details and, in some cases, dates of birth and National Insurance numbers. Four clients received fraudulent requests for money. All identified the fraud and no money was lost.
What we're doing now
We have engaged forensic IT specialists to establish exactly what data was accessed. This investigation will be complete within 10 days. We are contacting all potentially affected clients directly.
If you're a current or recent client
We have sent you a direct notification email. Please check your inbox and spam folder.
If you are in the process of purchasing or transferring property through us:
- Be extremely vigilant about any requests for money
- We will never change bank details via email without verbal confirmation from you
- If you receive any email asking you to transfer funds, call your Redkite lawyer to verify it is a genuine request from us before making any payment
What you should do
- Verify any communication requesting money by calling your lawyer (as specified in your client care letter or on our website). DO NOT CALL the phone number in any email request
- Our bank is Barclays. If you pay us electronically, you will be able to see that the account name is 'Red Kite Law LLP' - DO NOT PAY unless the receiving account shows the correct bank and account holder
- Be alert to unexpected emails or calls claiming to be from Redkite Solicitors
- Report any suspicious contact to us immediately
- Monitor your bank accounts and credit file for unusual activity
Questions or concerns?
If you have questions about this incident, please contact:
Julian Wintle
Partner and Head of Risk & Compliance
Direct line: 01452 508807
Email: incidentresponse@redkitelaw.co.uk
We are working urgently with forensic specialists to establish the full facts and have implemented comprehensive security enhancements. Protecting client data is fundamental to our responsibility as solicitors, and we will keep all affected clients informed as the investigation progresses.
We will update this page as our investigation develops.