International agents were responsible for a cyber attack on Legal Aid ACT late last year in which vast amounts of staff and client data was stolen, but the information has so far not entered the public domain.
Attorney-General Shane Rattenbury on Tuesday confirmed for the first time the "threat actor" responsible for the data breach was based overseas.
"An AFP investigation remains open. It was identified that international agents mounted the attack on Legal Aid ACT. Monitoring by the AFP has not identified the release of any of the data onto the public domain," Mr Rattenbury told the Legislative Assembly.
Mr Rattenbury said the government would continue to bolster cybersecurity infrastructure and shorten cyber incident response times.
The experience of responding to the Legal Aid cyber attack has put the ACT government in a stronger position to reduce the risks of cyber threats and effectively respond in the future, he said.
The Legal Aid cyber attack, on November 3, 2022, was also the first time the government's recently completed cyber emergency plan was used.
"Legal Aid ACT took swift action to ensure any vulnerable people were protected. Over a 1000 risks assessments were conducted, and in partnership with the Domestic Violence Crisis Service a range of precautionary measures was undertaken. Counselling for individuals was provided, and legal support has been ongoing to ensure protections are in place," Mr Rattenbury said.
"In alignment with the ACT Government policy position, no ransom was paid by the ACT Government in response to this incident."
Legal Aid ACT has previously indicated it did not believe the attack was targeted.
"The cybercriminal did not target any particular groups of information. They copied a broad range of files with no identifiable pattern. Unlike some crimes where a whole client record gets copied, we are learning that this was a haphazard approach which copied parts of files randomly," Legal Aid ACT chief executive Dr John Boersig said in November.
Stolen data included personal information, names, addresses, birth dates, phone numbers and email addresses.
We've made it a whole lot easier for you to have your say. Our new comment platform requires only one log-in to access articles and to join the discussion on The Canberra Times website. Find out how to register so you can enjoy civil, friendly and engaging discussions. See our moderation policy here.