Legal Practice Board of Western Australia hit by ransomware, exposing legal practitioner data
Learn More
The Legal Practice Board of Western Australia reports a ransomware attack claimed by the Dire Wolf cybercriminal gang that compromised sensitive information belonging to legal practitioners and other individuals.
The attack occurred on May 21, 2025. It was claimed by the Dire Wolf ransomware gang. The attackers claim to have stolen 300 gigabytes of data. On May 26, 2025, the gang listed the Legal Practice Board of Western Australia as a victim on its dark web leak site and published a timeline threatening to release the stolen data in stages, with half the files scheduled for publication on June 15 and the remainder on June 30. The exposed data types include:
- Health information
- Identity information
- Financial information
- Contact details (minimal)
- Operational and resourcing information
- Bank account details for the Board and affected individuals
On May 27, 2025, a small amount of data was briefly published online by the attackers but was removed within 24 hours following takedown efforts.
The number of affected individuals has not been disclosed by the Legal Practice Board of Western Australia. The organization reports that the incident impacted legal practitioners among others but has not provided details.
Board implemented temporary manual workarounds to continue delivering key services, including processing applications and renewals for Australian practicing certificates. The organization is working with government agencies including the Office of Digital Government Western Australia, the Office of the Australian Information Commissioner, the Western Australian Information Commissioner, the Western Australia Police Force, and the Australian Cyber Security Centre.
The Board started notifying affected individuals on October 1, 2025, via email and post. Each notification statement outlines support services available that are specific and tailored to the information involved for each individual. The organization has established a 24-hour helpline at 08 7070 2413 and an email address at incident@lpbwa.com for individuals with questions or concerns about the incident. The Board has advised that if individuals have not received a notification by email or post, there is no action they need to take.
