Data leak at major law firm sets Australia's government and elites scrambling
BlackCat attack sparks injunction preventing coverage of purloined docs
An infosec incident at a major Australian law firm has sparked fear among the nation's governments, banks and businesses – and a free speech debate.
The firm, HWL Ebsworth, has acknowledged that on April 28, "we became aware that a threat actor identified as ALPHV/BlackCat made a post on a dark web forum claiming to have exfiltrated data from HWL Ebsworth."
The lawyers therefore hired investigators, who confirmed that "the threat actor had accessed and exfiltrated certain information on a confined part of the firm's system, but not on our core document management system." The investigation reportedly revealed that over four terabytes of info leaked, including documents describing clients and staff. Reports also detail negotiations between the firm and ALPHV/BlackCat over ways to keep the incident quiet.
Australia's regulator responsible for data breach reporting is among those impacted by the leak
The attackers later published some of the stolen data on the dark web.
Which is where things get interesting. HWL Ebsworth is the kind of big-end-of-town law firm that attracts governments and large corporates as clients. Those clients are now scrambling to understand if their data has leaked.
Australia's federal government has reportedly established a task force to determine the extent of its exposure – which is thought to include some sensitive military material.
- Australia to phase out checks by 2030
- Australian cyber-op attacked ISIL with the terrifying power of Rickrolling
- This is a BlackCat you don't want crossing your path
- Ransomware-as-a-service groups rain money on their affiliates
The state government of Tasmania has admitted it's a client, and may therefore be exposed.
National Australia Bank – one of the nation's top four financial institutions – yesterday posted a statement that appears to indicate its data is compromised, as it reads: "The vast majority of NAB customers will not be impacted by this."
The Office of the Australian Information Commissioner – the entity to which data breaches must be reported in Australia – has also admitted it's a client, and that HWL Ebsworth notified it some of its files were among the leaked trove.
The law firm has secured an injunction to prevent media outlets reporting on the content of the leaked documents.
Debate is bubbling in Australia over whether that's a crimp on free speech, or a sensible precaution – given publication could give ALPHV/BlackCat more leverage as it seeks to negotiate with HWL Ebsworth.
The Register understands the firm has not paid a ransom and is not inclined to do so. ®