Australia’s privacy watchdog, the Office of the Australian Information Commissioner (OAIC) has confirmed that it has been affected by the fall out of the cyber-attack on Australia’s largest commercial law firm, HWL Ebsworth, as reported by The Australian.
The data breach, allegedly perpetrated by Russian-linked ransomware gang BlackCat in April, involved the theft of four terabytes of data, which was held for ransom that the law firm later refused to pay.
As part of its scare tactics, BlackCat initially leaked 1.45 terabytes of data containing over a million documents allegedly stolen from the law firm's systems.
HWL Ebsworth, known for its extensive contracts with at least 40 government departments and agencies, has become the focus of concern over the potential theft of sensitive commonwealth data.
Other government agencies feared to have been impacted are Home Affairs, the Australian Federal Police, Australian Taxation Office, Department of Defence, Department of Foreign Affairs, and Commonwealth Director of Public Prosecutions.
Investigation underway
Upon investigation by The Australian, most government departments declined to comment and referred inquiries to HWL Ebsworth.
The law firm, in turn, emphasised the importance of client and employee data privacy and security, acknowledging the potential impact of the breach.
It is now closely collaborating with the Australian Cyber Security Centre, the OAIC, and relevant government authorities and law enforcement agencies to address the incident.
The Minister for Home Affairs and Cyber Security, Clare O'Neil, has confirmed that investigations are underway to determine the impact on government data.
While her office refused to disclose the number of agencies affected by the breach, it stressed ongoing collaboration with HWL Ebsworth in understanding and managing the potential consequences of the data's publication.