This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

HWL Ebsworth

Summary

HWL Ebsworth, a major Australian law firm providing legal services to government agencies and private sector clients, suffered a ransomware attack on 28 April 2023. The ALPHV (also known as BlackCat) ransomware group stole approximately 3.5 terabytes of data comprising 2.5 million documents before releasing 1 million documents publicly. Sixty-five Australian Government entities, including defence and national security agencies, were affected by the breach.

What Happened

On 28 April 2023, the ALPHV (BlackCat) ransomware group attacked HWL Ebsworth's systems and exfiltrated approximately 3.5 terabytes of data, representing approximately 2.5 million documents. The stolen files included confidential client information spanning decades of legal work for government departments, private corporations, and individuals.

The threat actors published a significant portion of the stolen data after ransom negotiations failed. The breach exposed sensitive legal advice, national security information, litigation documents, and highly sensitive personal information relating to vulnerable persons.

Impact on Individuals

As of 18 September 2023, a total of 65 Australian Government entities had been impacted as direct clients of the firm through its legal and consulting services. Affected government agencies included the Department of the Prime Minister and Cabinet, the Department of Foreign Affairs and Trade, the Defence Portfolio, the Reserve Bank of Australia, the Australian Federal Police, Australia Post, and the National Disability Insurance Agency.

The information breached ranged from national security matters and legal advice given in litigious matters to information relating to vulnerable persons, including people with a disability, victims of crime, and sensitive personal information. Private sector clients, including the four major banks, were also affected.

For individuals whose information was exposed, the breach created risks of identity theft, targeted scams, and potential misuse of highly sensitive medical, legal, and personal information that was contained in legal case files.

Organisational Response

The Australian Government coordinated a whole-of-government response to the incident, given the scale and sensitivity of the compromised information. In September 2023, the National Cyber Security Coordinator concluded that the law firm was in a position to deal with the aftermath and response to the breach without ongoing government assistance, marking the end of the formal coordinated response.

HWL Ebsworth engaged cyber security experts and worked with affected clients to assess the scope of compromised information. The firm continues to operate and has implemented additional security measures.

Verification Source: View original statement