Share this article on:
Breaking news and updates daily. Subscribe to our Newsletter
Australia’s national cyber security coordinator has said that his first priority in the new role will be to look into the circumstances surrounding the catastrophic hack of law firm HWL Ebsworth.
“My first order of business as national cyber security coordinator was to seek briefings from the Department of Home Affairs and HWL Ebsworth on the status of the response to the cyber incident,” said Air Marshal Darren Goldie, who was appointed to the role in June.
HWL Ebsworth fell victim to a ransomware attack in May, carried out by the Russian threat actor ALPHV. The hackers were able to exfiltrate a trove of client data, which led to the compromise of data belonging to more than 40 government departments, Australia’s big four banks, and Optus, among others.
Optus was previously hacked in September 2022, which led to the data of roughly 11 million people being stolen. That hack was unrelated to the incident involving HWL Ebsworth.
“I am actively engaging with HWL Ebsworth to understand the complete picture of this incident, including how their private industry clients have been impacted, as the data analysis continues,” Air Marshal Goldie said in a statement.
“Impacted entities are commencing the process of notifying affected individuals about the impacts the data breach has had on their information, and to meet their relevant obligations under the Privacy Act 1988.”
Air Marshall Goldie said that the Department of Home Affairs’ legal services working group is meeting regularly with the law firm to work through the impact on various government departments. More meetings are to come with other affected stakeholders affected by the data breach.
“I thank the department and HWL Ebsworth for their assistance and advice at very short notice,” Air Marshal Goldie said.
HWL Ebsworth revealed in June that it had obtained an injunction from the NSW Supreme Court that bars anyone from unveiling, promoting or using any of the stolen information outside of obtaining legal counsel.
The hackers were also required to take down the data; however, enforcing such an injunction is practically impossible.
Comments powered by CComment