Multiple Australian Government agencies impacted by HWL Ebsworth breach

The Office of the Australian Information Commissioner (OAIC) has confirmed that some of its files were stolen in a ransomware attack on the law firm HWL Ebsworth, one of the largest law firms in Australia.

HWL Ebsworth has immediately notified Australian authorities, stating that the threat actor had accessed and exfiltrated certain information from a confined part of its system but not its core document management system.

The ransomware group, BlackCat, published some of the allegedly stolen data on their leak site on June 9, indicating that the law firm did not comply with their ransom demands.

The full impact of the data breach is yet to be determined, and affected individuals will be notified.

The incident has reportedly affected various government departments, including the NDIS Quality and Safeguards Commission, the Australian Federal Police, and the Taxation Office. The Alphv/BlackCat ransomware gang has leaked approximately 1.5 terabytes of the 3.6 terabytes of data they claim to have stolen from HWL Ebsworth.

The National Disability Insurance Agency (NDIA) is engaging with HWL Ebsworth regarding the cyber incident experienced by HWL Ebsworth and whether any NDIA information has been affected. The firm has represented the NDIA in legal appeals brought against the agency. As of September last year, there were nearly 4,000 appeals backlogged;

An injunction has been granted to restrict discussion of the stolen information - which doesn't really help anyone now.