What is Appleby? A guide to the hacked offshore firm used by the rich and powerful
What is Appleby and what does it do? Here is what we know so far.
On 24 October 2017, an offshore legal firm called Appleby confirmed in a statement that it had suffered a cyberattack last year which "compromised" some of its internal client data. But this was no ordinary company. And these were no ordinary clients.
The leak, it emerged, has left some of Britain's richest people on edge. According to The Telegraph, which first reported the incident, PR firms were urgently being contacted.
But what is Appleby and what does it do? Here is what we know so far about the offshore giant.
First, some context. When the Panama Papers were published last year, released in full by the International Consortium of Investigative Journalists (ICIJ) and partners, they exposed the inner-workings of both the offshore industry and its powerful clients.
The tranche of 11.5m documents was leaked from a Panamanian law firm called Mossack Fonseca and detailed hundreds of thousands of offshore dealings.
Appleby is another offshore law firm with a presence in Bermuda, the British Virgin Islands, the Cayman Islands, Guernsey, Isle of Man, Jersey, Mauritius, Seychelles, Hong Kong and Shanghai.
Its clients, while not named publicly, includes banks, corporations, FTSE 100 and Fortune 500 companies alongside "high net worth individuals". It also boasts many awards.
In total, the law firm has more than 200 lawyers operating in 10 global offices.
The company offers clients a wide range of services, including asset finance, investment services, structured finance, regulatory advice, property management and litigation. In Bermuda and Mauritius it is a member of the colossal network of legal firms, Lex Mundi.
It has however become the focus of a new ICIJ investigation into its clients' business dealings, seemingly based on revelations gleaned from the batch of leaked company documents.
News releases indicate Appleby has recently worked with financial institution HSBC on billion-dollar banking and merger deals, with drilling contractor Ocean Rig group on a $3.7bn restructuring and with UK investment giant Blackstone on a £559m acquisition.
In early June this year, the company released a blog post on cybersecurity which noted that "offshore financial centres represent an attractive target for cybercriminals".
It stated: "Cyber criminals can easily identify and exploit weak links in the flow of information between the organisation and its external providers." Isle of Man Today reported that Appleby first discovered the breach in May 2016 – well before this post was published.
According to The Telegraph newspaper, reports based on the leaked documents are set to be released in the coming days. It remains to be seen what revelations they will contain.
For now, Appleby has denied any suggestion of any wrongdoing.
"We are an offshore law firm who advises clients on legitimate and lawful ways to conduct their business," Appleby said in its breach notification statement.
"We do not tolerate illegal behaviour. It is true that we are not infallible," it added.
The statement continued: "We are disappointed that the media may choose to use information which could have emanated from material obtained illegally and that this may result in exposing innocent parties to data protection breaches.
"Having researched the ICIJ's allegations we believe they are unfounded and based on a lack of understanding of the legitimate and lawful structures used in the offshore sector."
Yet it appears that another Panama Papers-style set of disclosures is now imminent. Multiple news outlets are now reporting that wealthy and powerful clients are bracing for themselves for the avalanche of confidential data.