Investigation Launched into Data Breach at HWL Ebsworth
In a shocking turn of events, the Office of the Australian Information Commissioner (OIAC) has launched an investigation into a major data breach at HWL Ebsworth, one of Australia’s largest law firms. The breach occurred in April last year when the firm was infected by ALPHV ransomware, resulting in the theft of sensitive data. What makes this breach even more concerning is that the stolen data was eventually published on the dark web, affecting numerous government agencies, including Home Affairs and the Australian Federal Police (AFP).
The OIAC’s investigation, which comes despite the government’s previous conclusion of the incident, will focus on how HWL Ebsworth handled the security and protection of personal information, as well as how they notified those impacted by the breach. The Commissioner has various options available, including making a determination that HWLE takes specific steps to prevent future breaches and seeking civil penalties against the firm if serious or repeated interferences with privacy are found.
The cyber criminals responsible for the attack, known as ALPHV and linked to Russia, managed to steal a staggering 2.7 million files containing sensitive information about clients and employees. They initially sent a message to HWL Ebsworth, warning them about the data leak and giving them a three-day ultimatum. Unfortunately, the firm dismissed it as spam and did not take immediate action. It was only when ALPHV posted about the hack on the dark web that HWLE realized the severity of the situation.
Despite the firm’s spam filters blocking subsequent emails from the hackers, they eventually succeeded in contacting HWL Ebsworth and demanded a $5 million ransom. The communications between the hackers and the firm were revealed when Ebsworth obtained a Supreme Court injunction to prevent further information from being released.
The stolen data includes sensitive information about hundreds of corporate clients, dating back at least five years. It includes internal documents, lawyer and client communications, financial data, trade secrets, and details of commercial strategies. Furthermore, personal and sensitive information about individuals, including health records, identity documents, and information about their racial and ethnic origins, political opinions, political and religious affiliations, sexual orientation, and criminal records were also compromised.
HWL Ebsworth is known for its extensive clientele, which includes Australia’s four largest banks, major insurers, share market-listed companies, and governments. The breach has raised serious concerns about the security measures in place at the firm and the potential consequences for both clients and individuals affected by the data breach.
The OAIC’s investigation follows the release of the National Office of Cyber Security’s Lessons Learned Review on the response to the hack. This incident serves as a stark reminder of the importance of robust cybersecurity measures and the need for organizations to take proactive steps in protecting sensitive information.
As this investigation unfolds, it will be interesting to see what actions will be taken against HWL Ebsworth if any interferences with privacy are found. Additionally, this incident highlights the growing threat of cybercrime and the need for organizations across all sectors to prioritize cybersecurity to safeguard their clients’ and customers’ information.
 has launched an investigation into the breach, which resulted in the theft of sensitive data. Find out how this breach impacted government agencies and what actions may be taken against the firm. Learn about the growing threat of cybercrime and the importance of robust cybersecurity measures.){kind=link}