The agency overseeing Australia’s national disability insurance scheme is currently investigating whether sensitive client information related to appeal cases has been compromised in a major cybersecurity breach at law firm HWL Ebsworth, which has represented the agency. The ALPHV/Blackcat ransomware group, linked to Russia, claimed responsibility for the hack in late April and subsequently published 1.1TB of the 3.6TB of data it claimed to have stolen. HWL Ebsworth, a prominent Australian law firm with several hundred clients, including federal government agencies, obtained a non-publication order in the NSW supreme court to prevent the dissemination of the hacked material.
The National Disability Insurance Agency (NDIA) is now engaging with the law firm to determine the extent of the impact on its information. As part of the fallout from the cyber incident, HWL Ebsworth clients, including the NDIA, must wait for the firm to inform them if their sensitive information has been compromised. The law firm has represented the NDIA in legal appeals related to client National Disability Insurance Scheme (NDIS) plans. Court documents reveal that at least one individual with a case against a government agency has found their information in the leaked data.
The firm is conducting a detailed and comprehensive review of the data to assess the extent of the breach. Additionally, Australia’s chief privacy authority, the Office of the Australian Information Commissioner, disclosed that it was also a client of HWL Ebsworth and had been affected by the breach, highlighting the wide-ranging impact of the cyber incident.
The ransomware group’s demands initially went unnoticed by HWL Ebsworth: the first email with ransom threats was marked as spam, and the second was caught by anti-spam filters. It was only after the group’s post on the dark web and a subsequent email that the firm became aware of the legitimacy of the ransom claims.
The breach underscores the vulnerability of legal firms handling sensitive client information and raises concerns about the potential exposure of confidential data related to legal proceedings and appeals against government agencies. The investigation is ongoing, with both the NDIA and the Office of the Australian Information Commissioner seeking more information on the impact of the breach and potential lapses in securing private information.