Cyber breach at HWL Ebsworth: sensitive data released

According to Darren Goldie, Australia's national cyber security coordinator, a russian ransomware group known as ALPHV/Blackcat is responsible for leaking sensitive and personal government information stolen from the renowned law firm HWL Ebsworth. The significant breach of security has been confirmed by Goldie himself, who continues to work with the law firm to understand the extent of the damage and the number of Australians involved.

Details about the attack and data leak

The ransomware group, with russian ties, announced on the dark web in late april that it had breached data at law firm HWL Ebsworth. Later in the month, the group released some of the data it claimed to have stolen, which it later estimated at 3.6TB, of which 1.1TB was made public. "Several australian government entities were impacted by the HWL Ebsworth security incident, with the disclosure of sensitive government and personal information", Goldie said.

Remediation and preventive measures for the future

Goldie added that they are actively interacting with HWL Ebsworth to understand the full scope of the incident, including the extent of the impact on private sector clients, as the data analysis continues. Further coordination meetings are planned to address issues relating to HWL Ebsworth's wider client base. The goal is to ensure that the lessons learned from this incident are shared so that we can collectively improve responses to cybersecurity incidents.

Impact and actions relevant to government agencies

An analysis of over 1,000 HWL Ebsworth contracts posted on AusTender over the past decade revealed that at least 60 government departments or agencies have used HWL Ebsworth's services. The agency responsible for the National Disability Insurance Plan is investigating whether sensitive client information related to the appeals cases was involved in the massive cyberattack on the law firm. Affected entities are beginning the process of notifying affected individuals about the impact of the data breach on their information. “The department's Legal Services Working Group, which includes representatives from relevant entities across the Australian Government, continue to meet regularly to work with HWL Ebsworth to address the aftermath of the cyber incident”, Goldie said.