Offshore giant Appleby has admitted that some of its clients’ data was “compromised” in a data security incident last year, but insists its practices and clients’ businesses are legitimate.

The fourth largest offshore law firm Appleby has come under the spotlight as the International Consortium of Investigative Journalists (ICIJ) launched an investigation into the business of the firm’s clients via leaked documents.

The ICIJ enquiries come following a data security breach in the Bermuda-based firm’s IT system in 2016 and concern the firm’s business and the activities conducted by some of its clients.

It is reported that a number of media organisations are preparing to release details of the leaks over the coming days.

Appleby issued a statement last night in response to the ICIJ allegations, although it did not specify what the allegations were.

“These enquiries have arisen from documents that journalists claim to have seen and involve allegations made against our business and the business conducted by some of our clients,” said the firm.

The firm said it took any allegation of wrongdoing “extremely seriously”, and found “there is no evidence of any wrongdoing, either on the part of ourselves or our clients” having investigated the allegations itself.

“We are a law firm which advises clients on legitimate and lawful ways to conduct their business. We do not tolerate illegal behaviour,” said the statement.

“It is true that we are not infallible. Where we find that mistakes have happened we act quickly to put things right and we make the necessary notifications to the relevant authorities.”

In light of intensifying scrutiny on law firms’ cyber security and data protection systems, Appleby added that: “We are committed to protecting our clients’ data and we have reviewed our cyber security and data access arrangements following a data security incident last year which involved some of our data being compromised. These arrangements were reviewed and tested by a leading IT forensics team and we are confident that our data integrity is secure.”

The firm expressed the view that it was “disappointed” that the media may choose to publish material “obtained illegally” and said this may result in “exposing innocent parties to data protection breaches”.

“Having researched the ICIJ’s allegations we believe they are unfounded and based on a lack of understanding of the legitimate and lawful structures used in the offshore sector,” it concluded.

According to The Lawyer’s 2017 Offshore Top 30 report, Appleby is the fourth largest offshore law firm by number of lawyers. In 2016, it had 464 staff, including 223 fee-earners, 60 of whom are partners.

The firm has adjusted to being a stand­alone law firm following the disposal of its fiduciary business in December 2015. Following the sale, Michael O’Connell was re-elected to managing partner in January 2016 for a three-year term.

Its clientele range from super-rich individuals to UK FTSE 100 and global private equity firms and financial services institutions. The Lawyer Market Intelligence database shows Appleby’s corporate clients include Aberdeen Asset Management, Accenture, Alix ­Partners, Apollo, Aviva Investors, Barclays Group, Blackstone, Catlin Group, Citibank, Credit Suisse, Goldman Sachs, Hiscox, HSBC Bank, ­Investec Group, JPMorgan Chase, KPMG, ­Libyan Investment Authority, Lloyds Banking Group, PwC, Rabobank, Royal Bank of Scotland Group, Santander UK, Stan Chart, Wells Fargo Bank, and Zurich Municipal Insurance.

This is the latest incident concerning the business of offshore law firms and the use of “tax havens” and secretive offshore entities by high-net worth individuals and corporations. In 2016, the leak of millions of documents from Panama law firm Mossack Fonseca hit headlines globally.

A number of global law firms were named in the Panama Papers document leak, which prompted the Solicitors Regulation Authority (SRA) to ask a number of law firms to carry out a review of whether they were linked to the law firm at the centre of the Panama Papers data leak.