Data Breach Down Under: Australian Government Falls Victim to Law Firm Ransomware Attack

#### **By | June 20, 2023**

**The Office of the Australian Information Commissioner (OAIC) has confirmed that some of its files were stolen in a ransomware attack on law firm HWL Ebsworth, one of the largest law firms in Australia. The incident, which was discovered on April 28, involved the Alphv/BlackCat ransomware gang boasting about the hack. The law firm immediately informed the Australian authorities and initiated an investigation.**

### **The Breach and Impact**

The investigation conducted by HWL Ebsworth indicates that the threat actor accessed and exfiltrated certain information from a confined part of the firm’s system, excluding its core document management system. On June 9, the ransomware group leaked data on their leak site, claiming that it was stolen from HWL Ebsworth’s systems. The law firm asserts that it did not pay the ransom demands, suggesting that it did not cave in to the gang’s pressure.

At present, the full extent of the data breach is still being determined by HWL Ebsworth. The law firm has committed to notifying all individuals whose personal information may have been compromised. It has also obtained an injunction forbidding discussion of specific information that was stolen.

The breach has had far-reaching consequences, affecting several government departments and organizations that are clients of HWL Ebsworth. The OAIC, the Australian privacy and freedom watchdog, has disclosed that a limited number of its files were included in the breach. Additionally, the NDIS Quality and Safeguards Commission, the Australian Federal Police, the Commonwealth Director of Public Prosecutions, the Department of Defence, the Department of Home Affairs, the Department of Foreign Affairs, and the Taxation Office have all been impacted. The National Australian Bank, which uses HWL Ebsworth for legal services, has stated that a small percentage of its customers may have been affected.

### **The Response and Investigation**

Upon discovering the breach, HWL Ebsworth promptly informed the Australian authorities and launched an investigation into the incident. The firm has been cooperating with cybersecurity experts and forensic investigators to determine the extent of the attack, mitigate any damage, and prevent future incidents. However, due to ongoing legal proceedings, the law firm has been restricted in the information it can disclose about the breach.

The OAIC has also been proactive in responding to the breach affecting its files. It has taken steps to ensure the security of its systems and has been working closely with HWL Ebsworth to assess the impact and ensure the affected individuals are notified in accordance with privacy requirements.

### **The Ransomware Gang and the Data Leak**

The Alphv/BlackCat ransomware gang, responsible for the attack on HWL Ebsworth, has reportedly leaked approximately 1.5 terabytes of data, out of the 3.6 terabytes it allegedly stole. The ransomware gang’s actions highlight the growing threat and sophistication of ransomware attacks, as well as the increasing boldness of these criminal groups.

The leak of stolen data by ransomware groups poses significant risks, not only to the organizations targeted but also to individuals whose personal information may be exposed. The stolen data can potentially be used for identity theft, fraud, and other malicious activities. It is crucial for affected individuals to be vigilant and take necessary precautions to protect their personal information.

### **The Significance and Implications**

This ransomware attack on HWL Ebsworth and the subsequent data breach affecting government agencies and organizations underscore the urgent need for robust cybersecurity measures. Cyber threats continue to evolve, and organizations must prioritize the implementation of security protocols and invest in advanced technologies to safeguard their systems and data.

The breach also raises questions about the security practices and measures in place for law firms and other entities that handle sensitive information. As cybercriminals increasingly target industries and sectors that hold valuable data, it is imperative for organizations to strengthen their defenses and prioritize cybersecurity as a crucial aspect of their operations.

### **Advice for Organizations and Individuals**

In light of this incident, organizations should reevaluate their cybersecurity strategies and consider implementing the following measures:

**1. Robust Security Measures:** Organizations should invest in cutting-edge security solutions, such as advanced threat detection systems, intrusion prevention systems, and encryption technologies. Regular security assessments and audits can also help identify vulnerabilities and ensure systems are up to date.

**2. Employee Education and Awareness:** Human error remains one of the primary causes of successful cyber attacks. Organizations must prioritize cybersecurity training for employees to promote awareness of phishing scams, social engineering tactics, and best practices for data protection.

**3. Incident Response Planning:** Organizations should develop comprehensive incident response plans to expedite the detection, containment, and remediation of cyber attacks. These plans should include effective communication strategies, legal considerations, and coordination with law enforcement agencies.

Individuals should also take proactive steps to safeguard their personal information:

**1. Monitor Accounts and Statements:** Regularly review bank statements, credit card transactions, and other financial records for any unauthorized activity. Report suspected fraudulent activity to the relevant financial institutions immediately.

**2. Enable Two-Factor Authentication:** Enable two-factor authentication whenever possible for online accounts. This additional layer of security can help block unauthorized access by requiring a second form of verification.

**3. Be Cautious of Phishing Attempts:** Exercise caution when clicking on links or opening attachments in emails, especially if they are from unknown senders or appear suspicious. Cybercriminals often use phishing emails as a method to trick individuals into revealing sensitive information or downloading malware.

### **Conclusion**

The ransomware attack on HWL Ebsworth and the subsequent data breach affecting government organizations highlight the need for greater cybersecurity vigilance. Organizations must invest in advanced security measures, educate employees, and have robust incident response plans in place. Simultaneously, individuals must remain vigilant, take precautions, and report any suspicious activity to protect their personal information. Cyber threats continue to evolve, and it is crucial for all stakeholders to remain proactive in the face of this growing menace.