Australia’s Banks Caught up in Russian Cyber Attack

The recent Russian cyberattack on law firm EWL Ebsworth has claimed another set of victims—this time, Australia’s four major banks.

This comes as over 40 Australian government agencies are feared to have been impacted by the database hacking of HWL Ebsworth by the Russian cybercriminal group AlphV.

While the four banks—ANZ, the Commonwealth Bank of Australia (CBA), National Australia Bank (NAB), and Westpac—have confirmed that they have engaged the firm’s legal services, they have assured customers and staff that their systems have not been impacted.

The ANZ has issued a similar response but added that it will contact employees and customers who may have been impacted and need to be notified.

The CBA told The Epoch Times it is in regular contact with the law firm and is managing the cyber attack as an “urgent priority.”

The Epoch Times has also reached out to Westpac but is yet to receive a comment.

Meanwhile, AMP, one of Australia’s oldest financial services companies, confirmed to The Epoch Times that they are also clients of HWL Ebsworth and are working with the law firm “and others” to address and understand the issue.

Australia’s Corporate Watchdog, the Australian Competition and Consumer Commission (ACCC), has also fallen victim to the cyberattack telling The Epoch Times that it has only engaged with EWL Ebsworth “in a limited capacity in recent years.”

“At this stage we understand that a very small number of ACCC documents may have been affected by the recent data breach,” an ACCC spokesperson told The Epoch Times in an email.

“We are continuing to monitor and receive updates and are working through the implications of the situation.”

Approximately 1.45 terabytes of sensitive information were then published by the hacking grouping on the dark web on June 8.

On June 12, HWL Ebsworth was granted an injunction by the Supreme Court of NSW to prevent hacking group AlphV from disclosing the stolen data online. The hacking group was also ordered to take down the data immediately. The injunction order was served using the contact information provided in three emails that demanded a ransom payment, which HWL Ebsworth had previously said it would not be paying.

The Epoch Times has reached out to EWL Ebsworth.

“We are conducting a detailed and comprehensive review of the impacted data and informing impacted third parties and individuals as swiftly as we can,” the company said.

“We have an ongoing engagement with relevant authorities in relation to this process, including the Office of the Australian Information Commissioner, the Australian Cyber Security Centre and law enforcement agencies in their ongoing investigation into the incident.

The Epoch Times has previously contacted the Attorney-General’s Department to seek clarification on the operations of the working group but was referred to the Department of Home Affairs.

The Department of Home Affairs told The Epoch Times in an email that the government continues to actively engage HWL Ebsworth “as it investigates the extent of the breach, including impacts on Commonwealth information.”

“The Government is continuing to work with HWL Ebsworth to understand and manage potential consequences of the publication of the data,” the spokesperson said. However, the spokesperson did not detail the operation of the working group.

“Protecting Australian Government data is more important than ever in light of recent significant cyber incidents and our current strategic environment,” Paterson said.

Other agencies reported to be impacted by the cyberattack include the Department of Home Affairs, the Australian Taxation Office, the Office of the Australian Information Commissioner (OAIC), the Defence Department, the Australian Federal Police, and the Department of Human Services and Medicare.

The Epoch Times has also reached out to the Department of Human Services and Medicare, and was told by a Services Australia spokesperson that it is currently engaging with EWL Ebsworth over the hacking incident.