Sensitive and personal government information has been stolen from law firm HWL Ebsworth by a Russian ransomware gang and posted online, Australia’s new cybersecurity chief says.
The significant breach was confirmed by new national cybersecurity coordinator, Darren Goldie, who said he was still working with the law firm to understand how many Australians have been affected.
The Russian-linked ALPHV/Blackcat ransomware group said in a post on the dark web in late April that data from the law firm had been hacked. Earlier this month, the group published some of the data it claimed to have stolen – later established to be 3.6TB worth of data, of which 1.1TB has been posted.
“A number of Australian government entities have been impacted by the HWL Ebsworth cyber incident, with sensitive personal and government information released,” Goldie said on Wednesday.
“I am actively engaging with HWL Ebsworth to understand the complete picture of this incident, including how their private industry clients have been impacted, as the data analysis continues.
“Additional coordination meetings are occurring to address issues for HWL Ebsworth’s broader client base. We will work to ensure the lessons from this incident are shared so that we can continue to collectively bolster our responses to cyber incidents.”
An analysis of more than 1,000 contracts with HWL Ebsworth published on AusTender over the past decade revealed that at least 60 departments or government agencies have used HWL Ebsworth’s services including the Defence Department, Home Affairs, the Australian federal police, Prime Minister and Cabinet, Services Australia and the Fair Work Ombudsman.
The agency responsible for the national disability insurance scheme has also been scrambling to learn whether sensitive client information related to appeal cases has been caught up in a large cybersecurity hack on the law firm.
“Impacted entities are commencing the process of notifying affected individuals about the impacts the data breach has had on their information, and to meet their relevant obligations under the Privacy Act 1988,” Goldie said.
“The department’s legal services working group, comprising representatives from relevant entities across the Australian government, continues to meet regularly to work with HWL Ebsworth on addressing the impacts from the cyber incident for government entities.”
Blackcat was one of the top three ransomware groups targeting Australia according to a recent study by cybersecurity firm Palo Alto Networks. The group operates as a “ransomware-as-a-service” product for hire, and has been active since late 2021. Cybersecurity company Sophos said that the group had consistently targeted large organisations.
