HWL Ebsworth law-firm ransomware breach impacting government agencies
What happened
In late April 2023, the major Australian commercial law firm HWL Ebsworth was hit by a ransomware attack carried out by ALPHV, also known as BlackCat, a Russian-speaking criminal extortion group. The firm notified the Office of the Australian Information Commissioner of a data breach on 8 May 2023. The attackers claimed to have stolen roughly four terabytes of data and demanded an extortion payment of around AU$4.6 million. HWL Ebsworth refused to pay, with the firm stating it would not condone criminal extortion. After negotiations failed, ALPHV published a large portion of the stolen material, reported as around 1.1 to 1.45 terabytes, comprising over one million documents, on a dark-web leak site in late May and June 2023.
Because HWL Ebsworth acted for numerous public-sector and corporate clients, the leak swept up confidential material belonging to a large number of organisations and individuals. Australian government reporting and reporting by outlets such as iTnews indicate data linked to more than 60 federal, state and territory government agencies was affected (figures cited range from 62 to 65), alongside data tied to major banks, private companies and individuals. Officials stressed that affected agencies were clients of the firm and did not themselves suffer a cyber incident. HWL Ebsworth obtained a Supreme Court of New South Wales injunction in June 2023 to restrain further dissemination of the data, later made final, and the OAIC opened a formal investigation into the firm's information-handling and breach-notification practices.
Assessment
This was a criminal ransomware-and-extortion operation, not a state-sponsored act; ALPHV/BlackCat is widely described as a Russian-speaking cybercrime group operating a ransomware-as-a-service model, and available reporting does not attribute it to any government. The incident is significant less for any service disruption than for the scale and sensitivity of stolen legal data exposed when the firm declined to pay. As a supply-chain compromise of a trusted legal services provider, it illustrates how breaches of intermediaries can cascade across many government and corporate clients. Specific totals for affected individuals remain incompletely disclosed.
This dossier summarises open-source reporting and is updated as the investigation develops. Read the original report via the source link.