A law firm based in Napier, on New Zealand’s North Island, is actively investigating a cyber security incident that led to a “small proportion” of its data being compromised by a “malicious third-party attack”.
Langley Twigg Law shared details of the incident in a January 26 notice posted to its website, a day after the Anubis ransomware group claimed responsibility for the attack.
“On 11 January 2026 our security monitoring software alerted us to unauthorised activity on our computer network. In response we engaged our IT support provider to take immediate steps to contain the issue,” a Langley Twigg spokesperson said.
“This included switching off and disconnecting the Langley Twigg network from the internet while investigations took place. Despite being protected by cyber security software, our network had suffered a novel attack. Before our systems were restored using backup copies, these were thoroughly checked and measures taken to further bolster security.”
The firm engaged digital forensics experts who were able to confirm the attacker, and that some data had been compromised, which contained both internal information relating to Langley Twigg’s operations and some client documents”.
“We are currently working with digital forensics and cyber incident response specialists to identify what information was copied from the file server. Once this is done, we will contact affected clients and discuss steps they may wish to take as a consequence,” Langley Twigg said.
“We are working intensively on this process but please understand that this may take some time to work through. We will provide further updates as our investigation progresses.’
The firm said it had notified the Office of the Privacy Commissioner and the New Zealand Police.
What Anubis has claimed
In a January 25 post to its darknet leak site the Anubis ransomware operation listed Langley Twigg as a recent victim, complete with details of the hack and the data allegedly compromised during the incident.
“The leaked data provides insight into the company itself and its financial position. The dataset includes financial reports, employee compensation records, and related documentation,” Anubis said.
“For the company’s employees, the leaked data includes more than just salary information. The materials also contain passport details and other personal documents.”
The hackers went into considerable detail regarding the incident, no doubt in an attempt to apply pressure to the victim. Numerous employee passport scans were published, alongside passports and other personal information relating to Langley Twigg clients. The data appears to be legitimate.
Other documents published as proof of the hack include property transaction records, hazard reports, and settlement statements. Several documents feature Langley Twigg letterhead.
Cyber Daily has reached out to Langley Twigg for further comment on the hackers' claims.
Who is Anubis?
Anubis is a relative newcomer to the ransomware ecosystem, first appearing in February 2025 and so far responsible for targeting 46 organisations worldwide. According to security researchers, the gang appears to be Russian-speaking and is a ransomware-as-a-service operation.
Unlike many ransomware actors, Anubis uses its leak posts to outline in detail the data stolen from its victims, focusing on exposing what it believes is sensitive data to further coerce and shame its victims, and often threatening negative regulatory responses as a result of victims’ alleged lack of security.
Anubis is also not averse to pursuing other tactics to apply pressure to its victims, including posing as journalists and offering exclusive access to stolen data.
The group’s most recent ANZ victim was Queensland-based medical clinic Laidley Family Doctors, which was listed by Anubis in December 2025.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.