cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Big 4 banks caught up in HWL Ebsworth hack

The list of high-profile victims of the HWL Ebsworth hack continues to grow, with Australia’s big four banks all confirming that they are clients of the Aussie law firm.

user icon Daniel Croft
Thu, 22 Jun 2023
Big 4 banks caught up in HWL Ebsworth hack
expand image

The four, made up of ANZ, Commonwealth Bank, National Australia Bank, and Westpac, have all revealed themselves as clients of HWL Ebsworth, whose systems were breached in early May, leading to approximately four terabytes of data being stolen.

Of the four, NAB is the only bank that has confirmed that its data had been exposed after hackers from the ALPHV (also known as BlackCat) threat group behind the attack posted online that it had stolen data from it.

“We are aware that HWL Ebsworth, a law firm engaged by NAB for some legal services, has been impacted by a cyber attack,” said a spokesperson from the bank.

The bank added that while data contained by HWL Ebsworth may have been compromised, its own systems remain safe.

“NAB’s systems were not impacted and remain secure. We are working with HWLE as they continue to get more information in relation to the content of these matters,” it said.

The other three banks have all said that they are working alongside HWL Ebsworth to determine exactly what data had been exposed and if any of their customer’s data was at risk.

“ANZ is aware of the HWL Ebsworth (HWLE) cyber incident. ANZ’s systems have not been impacted,” said ANZ in a statement.

“ANZ is a client of HWLE for some legal matters.

“We are working with HWLE and others to understand and address the potential exposure, and we will directly contact those employees and customers who may have been impacted and need to be notified.”

The big four banks join several other major institutions as victims of the hack, with over 40 government agencies and departments, including several bodies and authorities on cyber safety such as the Office of the Australian Information Commissioner (OAIC) and the Australian Federal Police (AFP), having been affected.

According to CyberCX’s director of cyber intelligence and public policy, Katherine Mansted, attacking high-profile targets such as major organisations and government is in line with ALPHV’s threat pattern of “big game hunting.”

“They’re one of the most prolific threat actors in Australia and have been for some time since they first emerged on the scene,” she told the AFR.

“We have observed them compromise at least 14 Australian organisations and a lot of those are in the professional services sector.

“It’s been quite deliberate about the targets that it attacks; professional services in a sector that ALPHV assesses as having some pretty sensitive information that it can hold at risk.”

Mansted added that ALPHV was the first threat group observed posting stolen data on the public internet rather than the dark web, in an effort to maximise the harm caused by exposing stolen data.

While ransomware demands are currently unknown, HWL Ebsworth has said that it is refusing to pay the hacking group what it’s asking.

“We take our ethical and moral duties to the community very seriously. We consider we have a fundamental civic duty to not, in any way, encourage or be seen to condone the criminal activity of extorting money by taking and threatening the publishing of other people’s data,” the law firm told the ABC.

“The privacy and security of our client and employee data remains of the utmost importance. We acknowledge and understand the impact this may have, and we are communicating closely with our clients.”


Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.