Many of the world's richest and most powerful people are bracing themselves for a huge leak of their information.
The Bermuda hack – which could be somerthing like a repeat of the Panama Papers – may be about to lead to a major examination of the financial, corporate and tax affairs of the most important people on the planet.
High net worth individuals and the world's biggest companies are gearing up with legal firms and PR companies for the huge drop. But here's exactly what it means, who will be affected and how.
What's about to happen?
We don't know exactly, but something big. A number of media organisations are gearing up to release information from the cyber attack, though it's not clear what that information will be.
What is Appleby?
This is the biggest clue to what's about to happen, really. Appleby is a leading offshore law firm that does work for people including the super-rich and many of the world's biggest international corporations. That works likely to take a number of forms, but much of it happens from Bermuda, where it is based, meaning that it probably has some connection to tax affairs.
And what happened to them?
They suffered what they called a "data security incident", which is presumably a hack of some description. It happened last year, but the consequences are just becoming clear – Appleby said it has gone public with the event because it was contacted by journalists about its "business and the business conducted by some of our clients", with the resulting story expected to be published soon.
Many of the world's most famous, influential and important people, according to numerous reports. The company behind the hack looked after the affairs of some of the richest people around, and so you can expect them to be caught up in the attack.
For the most part, that's probably going to be influential people who could be accused of hypocrisy or outright immorality on the basis of their business dealings. Anyone caught up in it may well know about it already – The Telegraph reported that a number of wealthy and high-profile people are speaking with lawyers and PR firms, presumably because they've either been contacted by journalists or because they know their information was being held by Appleby.
The other major concern will be among the government. Appleby's has offices in a number of British overseas territories, and the information could show that business is happening in those places that should have been clamped down on by authorities.
Is this like the Panama Papers?
It is remarkably similar, and comes just about a year after that leak. Though the methods were different, the aftershocks and details of the Panama Papers are a good clue for what might happen.
In that case, news organisations that got hold of the papers used them almost entirely responsibly, to report information that was in the public interest. The – but that hasn't
Appleby's has said it was “disappointed” that the media may choose to publish material “obtained illegally” and warned that it may result in “exposing innocent parties to data protection breaches”.
Of course, if the information makes its way into the public domain then it's likely that it will be used by hackers. The fact that the Panama Papers were leaked by a source meant that wasn't likely to happen to data contained in them, but we know from other major cyber attacks that hackers are decidedly not shy about taking publicly available information and using it to make money, either through the obvious means or through blackmail.
Do I need to worry?
Probably not, unless you're one of the global public and private companies, financial institutions, and “high net worth” individuals who does its business with Appleby's. Even if you are, then the company has advised its customers that their data remains secure – though the very fact that it had to say it suggests that there might be some risk.
None of which is to say that you should stop being vigilant. As with any hack, the repercussions can go further than just those who have their details being stored by the compromised companies – the files held by Appleby's presumably include detailed information about their customers' associates, for instance, and that might be you.
Either way, the advice is always the same: watch for questionable activity happening in your accounts, both online and financial; make sure your passwords are regularly changed and your details are up to date; regularly check your credit reports;
How can I avoid this sort of thing happening to me?
The short answer is that it's almost impossible. In this case, like in the Equifax hack, the people who are being caught up in it might have had no option: they simply gave over their data to a company they trusted, and that company's servers were broken into.
With Equifax, many people caught up in the hack weren't even aware that the company was holding their details. That's because it didn't necessarily ask for permission – the company's business model involves hoovering up financial and other data and using it on behalf of other companies, meaning that it remains mostly unknown.
Still, that doesn't mean it's not worth making sure that you're handing your data over to responsible companies, when you can. Your personal information is one of the most valuable things you own, and companies often (mostly correctly) presume that people aren't aware of that – so just like you would with other things, make sure that you use companies you can trust to have put the work in to keep you safe.
But just as important is behaving as if you've already been part of such a hack, in small ways. Make sure that you check through your bank accounts and credit score regularly, looking for anything untoward, for instance.
Ultimately, though, the fallout from the Bermuda hack could be huge – but will probably only affect people in the public eye. For most people, there can be financial but not reputational repercussions from such hacks, and so as long as you're not using sensitive websites like Ashley Madison, it's unlikely you'll suffer in the same way.
What does Appleby have to say?
Exactly what you'd expect, really.
“We are an offshore law firm who advises clients on legitimate and lawful ways to conduct their business," read a statement.
"We do not tolerate illegal behaviour. It is true that we are not infallible. Where we find that mistakes have happened, we act quickly to put things right and we make the necessary notifications to the relevant authorities.
“We are committed to protecting our clients' data and we have reviewed our cyber security and data access arrangements following a data security incident last year which involved some of our data being compromised.
“These arrangements were reviewed and tested by a leading IT forensics team and we are confident that our data integrity is secure.”