cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Concerns of government data exposed in hack, Home Affairs establishes crisis group

Following the major attack by Russian hackers on Australian law firm HWL Ebsworth, a government crisis group has been formed to establish what federal data has been stolen.

user icon Daniel Croft
Fri, 16 Jun 2023
Concerns of government data exposed in hack, Home Affairs establishes crisis group
expand image

Led by the Attorney-General’s Department, the group will investigate the damage done by the Russian state-backed hacking group ALPHV (also known as BlackCat) during its recent attack on HWL Ebsworth.

On top of the announcement that the Office of the Australian Information Commissioner (OAIC) was affected by the HWL Ebsworth data breach, a number of government agencies, including the Australian Federal Police (AFP), Australian Taxation Office (ATO), the Commonwealth Director of Public Prosecutions, the Department of Defence and the Department of Home Affairs, were also reportedly affected.

While ALPHV did not directly access the systems of any of the above government devices, the threat group compromised the data of the agencies through a supply chain attack on HWL Ebsworth, granting it access to data belonging to the law firm’s clients.


The new crisis group was established following major concerns that the compromised data could contain information on legal advice that could make both the current government and the prior government look bad, as well as that of vulnerable individuals.

According to information given to The Australian, government agencies are holding daily meetings to determine which data was compromised. While a spokesperson from Home Affairs refused to reveal how many agencies were clients of HWL Ebsworth, it said that the government and the law firm are in talks to determine the impact the hack has had.

“The government continues to actively engage HWL Ebsworth as it investigates the extent of the breach, including impacts on Commonwealth information,” said the spokesperson.

“HWL Ebsworth first reported a cyber incident involving ransomware and claims of data exfiltration and publication to the dark web on 1 May 2023.

“The government is working with HWL Ebsworth to understand and manage potential consequences of the publication of the data. As this matter is the subject of an ongoing joint investigation between the AFP and Victoria Police, it would not be appropriate to comment further.”

It is known that clients include the Parliamentary Budget Office, Aged Care Quality and Safety Commission, Australian Securities and Investments Commission (ASIC), Services Australia, Department of Foreign Affairs, Finance, Education, Agriculture, Industry, Employment, Fisheries and Forestry, Science and Resources, and Prime Minister and Cabinet.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.