cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

HWL Ebsworth victims kept in the dark for 6 months due to firm’s court injunction

A portion of victims affected by the HWL Ebsworth cyber attack that rocked the nation earlier this year were not notified of the breach until this week, six months after the hack occurred.

user icon Daniel Croft
Tue, 24 Oct 2023
HWL Ebsworth victims kept in the dark for 6 months due to firm’s court injunction
expand image

Ironically, the delay in information getting to some of the victims comes as a result of HWL Ebsworth itself, which earlier in the year requested a court injunction to make the access of stolen data illegal.

The injunction, which HWL Ebsworth secured in the NSW Supreme Court, said that it “seeks to prohibit further access to, use, dissemination or publishing of the data disclosed on the dark web, including by the media”.

While it is unlikely that any cyber criminal already responsible for breaching and stealing data from a major organisation is likely to listen to an injunction like this, particularly through the anonymous lens of the internet, the court order did delay some victims from being made aware they were affected, as it meant that they could only find out directly from HWL Ebsworth itself.


The law firm claimed that the reason that it took so long for the victims to be notified was that there was a large volume of data stolen and that determining what was compromised and who was affected required manual analysis.

“A very large volume of data was extracted, but it was not immediately apparent the extent of the impact to personal information,” said HWL Ebsworth.

“A complex manual review was needed to assess what personal information was involved and identify affected persons.”

Australian cyber security coordinator Air Marshal Darren Goldie, whose first job was analysing the damage and responding to the HWL Ebsworth attack, defended the long time it took for those affected to be contacted by the law firm, saying that he allowed for the information to be kept private for longer to prevent anxiety.

“While there is some benefit in getting that information into the public domain early on, I made the decision to allow HWL Ebsworth to notify individuals through NDIS providers and caregivers first before making the information public,” he said.

For context, HWL Ebsworth was hacked by the infamous ALPHV (aka BlackCat) hacking group back in April. This resulted in a huge number of institutions being affected, including 65 government departments and agencies.

This included the Office of the Australian Information Commissioner (OAIC), the very body organisations are required to contact in the event of a cyber incident.

In September, ALPHV published 1.1 terabytes of the data it had claimed to have stolen, which later was found to be 3.6 terabytes of data.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.