Updated: Conveyancing – Fallout continues from Simplify group “security incident” 

Home buyers are taking to social media to express their continued dismay and frustration after conveyancing giant the Simplify group was hit earlier this month by a “security incident” that took conveyancing firms Premier Property Lawyers, JS Law, DC Law and Advantage Property Lawyers offline.  

Simplify was formed in 2019 when My Home Move and the Simplify Group joined forces. The six conveyancing firms that are affected are among the largest in the UK. Cook Taylor Woodhouse and Gordon Brown Law, which are both part of the Simplify group, operate on separate IT systems which have been “entirely unaffected” by this issue. 

In a statement on the home page of its website as of today (29 November) Simplify says: “An ever-growing proportion of our conveyancing colleagues are back up and running on core systems and progressing transactions. We continue to prioritise the most urgent cases, and are working with clients to help them move forward towards exchange and completion 

“We very much regret any uncertainty and disruption that our clients and others may have experienced. Our team, supported by external experts, are working non-stop to get the remainder of our systems safely back up and running, with progress being made every day.” 

However, turning to Twitter, home buyers are complaining that they are in limbo, with @meganiwanina commenting on 27 November: “Removals for this weekend cancelled and remain in limbo #PremierPropertyLawyers.” 

Others have reported a three-to-five week backlog depending on how their move is prioritised. And @CarterRoscoe said on Twitter yesterday (28 November): “So just had my contact call from #PremierPropertyLawyers, nice to hear that my conveyancers have system access, but if you can’t tell me if I’ll get an actual update this week, next week or next month is [sic] not helpful.” 

The Council for Licensed Conveyancers has confirmed that the six conveyancing firms named above were the subject of a security incident on 7 November, which was reported to the CLC as the regulator of those firms early on 8 November.  

It says in a statement updated on 22 November: “Since then, the CLC has been monitoring the incident closely. We have received assurances about the steps that the firms are taking to protect their clients’ interests by safeguarding client money and working to progress transactions that were under way when the incident occurred, wherever possible.” 

The CLC add: “We have been assured by Simplify that the security of client funds was not compromised in the incident. We have also been assured that all contracted completions due to take place since the incident began have been completed successfully. 

“The CLC is also closely monitoring the operations of the involved firms and have set out our expectations that Simplify ensures its clients’ interests are being protected and any disruption to individual clients and chains of house sales and purchases is being contained as far as possible.” 

While the precise nature of the incident is unknown, the CLC says in its statement: “The nature of the incident means that systems must be restored carefully to ensure their security and to protect the firms’ clients. The cautious approach needed will continue to shape the operations of the involved firms and will inevitably delay some transactions. 

Clients who have not yet exchanged contracts with their seller or buyer have been advised to consider whether to progress their transactions with their current conveyancer or to instruct another. The CLC advised: “This could mean that you would need to start from the beginning, and this may result in your transaction taking longer. You should consider how far advanced your transaction is – how much work has already been done on it – when you make your decision. The CLC expects Simplify’s conveyancers to set this out clearly for each client.” 

Simplify had this to say:

Is it right to describe it as a cyber-attack?

“We can confirm that Simplify was recently subject to an IT security incident, which limited access to some of our key IT systems, and which we are continuing to investigate. As you would expect, we rapidly deployed a specialist response team, including external security experts, who have worked around the clock to investigate the incident. Simplify immediately notified all relevant authorities, including the ICO and the police. The incident remains under investigation and accordingly it is not appropriate for us to comment any further.”

Can I have an official up to date statement about where you are at in remedying the situation?

“As of last week, the majority of our conveyancing colleagues were back up and running on core systems, and actively working on cases. We have restored IT systems sufficiently to enable clients to move. We are continuing to complete all contracts already exchanged and we are now exchanging contracts and completing on additional transactions that are ready to exchange.

To ensure our clients are updated, we have substantially increased our customer relations teams to enable us to proactively contact almost all clients who are scheduled to complete and exchange. We had several days at the beginning of the outage with minimal telephone capacity, but we now have hundreds of colleagues making outbound phone calls to clients and this team are calling every client with an update. Due to robust business continuity plans and alternative solutions to help clients, Simplify are able to progress cases and enable clients to move, even without access to all systems and expects numbers to increase steadily as the capacity of our restored systems builds. We understand the uncertainty and disruption that our clients and others may have experienced over recent weeks and now look forward to restoring confidence in our services as we progress their home-moves through to completion.”