Conveyancing firms in the Simplify Group, hit by a massive systems crash for much of this week, say they are working around the clock to help agents and their clients.
Simplify Group’s conveyancing brands include Simplify, Move with Us, My Home Move Conveyancing, Premier Property Lawyers, DC Law, and JS Law; their websites and many of their online systems have been down since Monday.
There is still no news on what caused the crisis, which is now in its fifth day. This has inevitably led to speculation in the conveyancing, IT and agency worlds, with some suggesting it was a deliberate hack.
The issue has affected many agents, and not just those directly with vendors and buyers using Simplify: those using rival conveyancers but who had Simplify clients in the chains are also subject to delays.
The latest message on the Simplify brand company websites is:
“We have now restored IT systems sufficiently to enable clients to move. The good news is that almost all contracted transactions with a fixed completion date are up to date.
“We have been working through the night and will continue to proactively contact clients who are scheduled to complete. If we have not already contacted you, please help us by completing the form here so that we can prioritise our response.
“We would assure you that we have been working round the clock to restore our operations. This includes carefully bringing systems online as part of a secure phased approach and finding workarounds to complete transactions safely.
“At all times we have been acting in the best interests of our clients and understand how challenging this situation has been for them.”
And the Council for Licensed Conveyancers is displaying this message:
“We are advised by the Simplify Group that following preliminary investigation of systems outages, it is now aware that certain parts of its business (including Premier Property Lawyers), have been affected by a security incident involving some IT systems.
“The Simplify Group responded immediately upon discovery of the incident by engaging a number of third-party cyber specialists to fully restore systems, find ways to support clients’ property transactions and undertake a thorough investigation to gain a fuller understanding of the incident.
“The Simplify Group have therefore taken proactive steps to contain the incident, including by taking a number of their systems offline as a precautionary measure. We understand the Simplify Group has also taken steps to report the incident to relevant authorities and to contact its clients and partners.
“The current issues relate to the temporary inability to access some of the IT systems, which has regrettably prevented the completion of some transactions. The Simplify Group are working hard to find further solutions and provide all the support it can to its clients and partners at this difficult time.
“Whist the recovery effort is underway, any clients who are unable to contact their conveyancer via the usual channels may wish to complete a web contact form via THIS LINK which will allow Simplify to make direct contact.”
Join the conversation
Jump to latest comment and add your reply
It does look like the affected firms are clearing the backlog and that things are improving daily. That must be good news for all involved in the transactions currently underway. However, I imagine this will make some of the more traditional firms think twice about relying more and more on technology. Would be interesting to hear the views of lenders and PII companies. It might be a temporary small step back for tech, but surely no more than that?
This kind of issue suggests a requirement to invest more, not less, in technology. Systems dealing with such incredibly important matters needs the very best IT systems with top level security and lots of redundancy and back-up in place should the principal system go down.
I really hope that law firm owners won't use this as another excuse not to adopt technology - that really would be a major set back.
Its all part of risk management - I'd be keen to see what plans law firm owners have in case they have a fire in their offices? Having seen several firms go bust after fires, maintaining the status quo doesn't seem so good.
I have received some thoughts from two experts in the field:
“They will no doubt have a Cyber policy which is the correct policy in this instance, however a wise broker would also notify the PI insurers on a “just in case“ basis .
The Cyber policy would have provided (in no particular order):
IT experts to start solving the problem caused by any third party attempts to sabotage a Firm’s systems. These are specialist technicians who are thoroughly up to date on the latest threats and “bugs“ in a way that the in-house IT department or usual suppliers will not be
PR advisers to handle the messaging to Clients and the wider outside world
Specialist Lawyers to tackle any legal angles including regulatory issues”
“Without knowing exactly all of the specifics, what has been reported suggests that they may have been subjected to a significant cyber-attack that has severely disrupted their services. Hopefully, they have not also created any financial loses.
For me this serves as a perfect reminder for all practices to do two things:
1. Continuously review and invest in upgrading IT security: Prevention is better than cure.
2. Invest in a comprehensive cyber policy annually: Risk mitigation is absolutely crucial, but No system is impenetrable, the pentagon has been hacked previously which demonstrates this. Having a comprehensive cyber policy will save valuable time, as you will have access to the numerous experts, IT and otherwise to identify how the criminals have got in, protecting your clients from losses, restore your systems to safe working order whilst ensuring that you are complying with your regulatory responsibilities ICO and SRA. It will also help preserve reputations.
Sadly, this problem is not going away and I suspect that all law firms will be very attractive targets for the Criminals.”
The focus should be on urging the government to do more to combat cyber crime. Whether it is old folks receiving daily calls from scammers pretending to be HMRC, right through to sophisticated hacking of law firms and banks, we have an epidemic of tolerated criminality in this area. There should be a Minister solely for this issue, and the measures taken to combat it need to be extra-territorial and Draconian. Enough is enough!
I agree with your comment, particularly the part about draconian measures, and would add people should also take more responsibility in so far as being cautious not to pass personal financial details to people or firms they don't know either in person or online.
There is a crisis in IT unfolding before our eyes at the moment in this country. There is a crisis of complexity in the industry anyway, with even the best IT pros struggling to keep up with the rate of change and explosion of increasingly complex new technologies. Keeping these systems secure and functioning properly gets harder each year. To deal with this problem businesses need to be spending more on IT, expanding their in-house IT staff and training them better.
Instead they are spending less, and outsourcing more and more development and even operations work, particularly to India. Skills are being lost at a time when we need them more than ever. And then at the same time we have the government crippling the industry with IR35 tax legistlation, driving the most capable into early retirement.
These incidents will get more frequent and worse unless there is a fundamental change in these trends.
I do think the advent of working from home has added to the security risks by creating more back doors these hackers may have for gaining access. These firms also outsource to India which creates even more risk. I am not saying that is how something happened here but reduce the risk surely? So first think the CLC should be doing is banning outsourcing from today. The rest of the issues can be dealt with when the fallout settles, and there are plenty of those.
Back doors are deliberately left in code to allow later access, either by bad actors or for genuine reasons. I think you mean vulnerabilities, which are exploitable bugs which can be used to gain unauthorised access.
I don't see how working from home can create more vulnerabilities though; processes around code quality are exactly the same wherever the developer is sitting. Network security for remote workers is potentially a factor, but VPN technologies work very well and have been in widespread use for a very long time -- since well before the WFH revolution.
Outsourcing causes all sorts of problems though, and is really just a short sighted race to the bottom.
Being in a No-Win situation with PPL slow progress in resolving this problem, what can those caught in the middle of this do?
Imagine if this had happened in the run up to the Stamp Duty deadlines.
We don't know about the causes of the Simplify incident but it needs to be remembered that the biggest cyber security threats are not necessarily complex. The majority of cyber criminals are not tech geniuses - they are lazy, disfunctional individuals. The biggest threat is often no more than hacking a client email account and pretending to be a law firm, thereby diverting funds. Email is where the majority of the risks lie.
“I know you have seen reports of the issues involving IT systems for some parts of the Simplify Group, and some of its law firms, and think it may involve work undertaken by Cook Taylor Woodhouse Solicitors given they are part of the Simplify group.
Thankfully, Cook Taylor Woodhouse continues to operate separate IT systems and banking services from the rest of the Group. This means that they are not affected by the recently reported IT issues. Cook Taylor Woodhouse can continue to provide their client services as normal to their clients, lenders and colleagues in the industry as normal.” RH
“A CLC team visited the offices of the Simplify Group on Friday 12th November following the serious security incident that was notified to us on Monday morning. The CLC has been in close touch with Simplify all week.
At this visit the CLC team met the leadership of Simplify to review the steps they have taken to ensure transactions are completed and that client funds and data are protected.
We are reassured by the progress Simplify has made to date and by their plans for the remaining recovery work, however, we will continue to monitor the CLC regulated practices to ensure clients interests continue to be secured and the CLC’s own regulatory requirements are met.” CLC
Any update on this? when are the service likely to return to normality? thank you
I wish I had seen this before signing up to use Advantage Property Lawyers. It would have meant I could have avoided them entirely!!! I had next to zero confidence in them BEFORE I read this article (Yes I know it's old) - but I have even less now.
Please login to comment