An ACT government body has refused to pay a group of international cyber criminals a ransom.
Hackers took a "substantial amount of data" from Legal Aid ACT on Thursday, November 3.
The criminals have requested money in return for not publicly releasing data of clients, many of whom are extremely vulnerable, Legal Aid ACT CEO Dr John Boersig said.
The decision not to pay a ransom is in line with federal and territory government advice, he said.
Dr Boersig has revealed the organisation appealed to the criminals' better nature to prevent them publishing client information.
"We have explained to them that we offer free legal services to people who are already in a position of needing help," he said on Monday.
"We are asking them not to release our client data online as there are no advantages to be gained and it would only hurt vulnerable people."
While the organisation has tried to contact their most vulnerable family violence clients, they are also concerned about refugees, Dr Boersig said.
"There are people who come to our shores who come from background where their family will be at risk [if their data is released]," he told an inquiry last week.
"People have come to these shores for a whole range of reasons. And I don't want to get alarmist about this, but they are refugees for a reason, and we've acknowledged them for a reason."
Dr Boersig said the service was the main place Canberra's refugees and migrants came to for migration assistance.
He said it was assisting around 160 Afghan families and a number of people from Iran.
Legal Aid ACT had "some lessons to learn around what's happening to Medibank", Dr Beorsig said.
One Legal Aid ACT client is having a security system installed because of the hack, and the safety risk it has created.
A police alert has been created for two of nine people, mostly women, who were identified as the most vulnerable family violence victims.
"These are mostly women, where their private and confidential information was not available to the other side [of legal proceedings]," Dr Boersig said.
"At this stage we have identified nine people in that category, and of those nine people, only two are we unable to contact."
The agency has been in contact with the international cyber attackers.
The criminals infiltrated the commission's systems and copied personal information about clients.
Dr Beorsig said: "You will see from what's happening with [the Medibank Private hack], the kind of people we're dealing [with]."
He has previously said the criminals have made demands.
Officers from the Australian Federal Police's specialised cybercrime investigators are helping investigate the hack.
We've made it a whole lot easier for you to have your say. Our new comment platform requires only one log-in to access articles and to join the discussion on The Canberra Times website. Find out how to register so you can enjoy civil, friendly and engaging discussions. See our moderation policy here.
