An Australian governmental body in charge of monitoring privacy breaches has fallen victim to a cyber attack following the hacking of one of the agency’s law firms.
Data from the Office of the Australian Information Commissioner (OAIC) was stolen by Russian cybercriminal BlackCat, also known as AlphV, after the hacking group infiltrated the database of HWL Ebsworth.
HWL Ebsworth is one of Australia’s largest commercial law firms and provides the OAIC with professional services.
This comes after four terabytes worth of company information, including employee details, were stolen by AlphV in April, with approximately 1.45 terabytes of sensitive information allegedly published by the hacking grouping on the dark web on June 8. However, it is unclear what data has been published, as HWL Ebsworth has a number of governmental and corporate clients.
“Cyber criminals who accessed our systems have now claimed to have published around one-third of the total data they say has been exfiltrated from our firm,” a company spokesman told AAP.
“We are investigating this claim and are seeking to identify what data may have been published.”
On June 12, HWL Ebsworth was granted an injunction by the Supreme Court of NSW to prevent hacking group AlphV from disclosing the stolen data online. The hacking group was also ordered to take down the data immediately. The injunction order was served using the contact information provided in three emails that demanded a ransom payment, which HWL Ebsworth has previously said it would not be paying.
However, HWL Ebsworth managing partner Juan Martinez admits there are “practical limits” to enforcing the injunction.
Tasmanian Government Caught Up in Company Hack
The Tasmanian government has also been a victim of the cyberattack after it was contacted by the federal government about an “illegal release” of HWL Ebsworth data on the dark web.Approximately 16,000 financial invoices and statements that were issued by the state’s education department were stolen. AlphV has claimed responsibility for the cyberattack.
“This is concerning, and we are working closely with the Australian government to establish if any Tasmanian information has been impacted,” she said.
“While this may take some time considering the volume of data involved—we are taking swift action and will keep the Tasmanian community informed with further developments.”
HWL Ebsworth has said it will not submit to the hacker’s demand for a ransom payment.
“We take our ethical and moral duties to the community very seriously,” the company’s spokesperson said.
“We consider we have a fundamental civic duty to not, in any way, encourage or be seen to condone the criminal activity of extorting money by taking and threatening the publishing of other people’s data.
“The privacy and security of our client and employee data remains of the utmost importance.
“We acknowledge and understand the impact this may have, and we are communicating closely with our clients.”
HWL Ebsworth employs approximately 1300 people with 278 partners. The hackers sent their first ransom on April 30.
AlphV Hacking Group Targets Australian Organisations
According to the Australian Cyber Security Centre (ACSC), AlphV affiliates have successfully deployed ransomware on corporate systems in a variety of countries and sectors, including in Australia.In February 2022, AlphV affiliates compromised a German oil storage operator and an energy distributor.
“The ACSC is aware of ALPHV targeting government and critical infrastructure organisations, as well as the energy, finance, construction and other sectors,” the ACSC said.
“The ALPHV operators claim to exclude the use of the ransomware in attacks on healthcare and charitable organisations.”