A recent report by The Australian highlights a serious internal breach at prominent law firm Slater & Gordon, now the subject of litigation in the Victorian Supreme Court. The matter underscores critical vulnerabilities in data security and internal controls within professional services firms.
It is alleged that Bridgett Maddox, a former payroll manager with a documented history of fraud-related convictions, was behind a hoax email sent firm-wide in February 2025. The email, appearing to originate from then-interim Chief People Officer Mari Ruiz-Matthyssen, included sensitive salary data and defamatory content about senior executives. Forensic analysis allegedly linked the document metadata to Ms Maddox.
Despite reportedly having early indications of her non-involvement, Ms Ruiz-Matthyssen claims the firm failed to issue timely public or internal statements clearing her name. She has now commenced proceedings alleging negligence and breach of duty of care, citing reputational damage, lost employment opportunities, and psychological harm.
The case raises important considerations for legal practitioners and firm managers: the need for robust access controls, timely incident response protocols, and clear internal communication procedures during suspected cyber or data breaches. Notably, it also illustrates the reputational and legal risks when concerns about an individual’s access to confidential information are not promptly and decisively addressed.
Firms should regularly audit system access, ensure proper offboarding procedures, and maintain real-time monitoring of potential threats—especially where employees have access to sensitive client or personnel data. This incident is a timely reminder that internal threats can be as damaging as external attacks, and that failure to respond swiftly and transparently can compound the harm.
As legal professionals, vigilance in data governance is not just a matter of compliance but a cornerstone of client trust and professional integrity.