I have determined we have reached an appropriate juncture to conclude the formal coordinated Australian Government response to this cyber incident, with HWL Ebsworth now able to manage its response without formal assistance from the Australian Government.
The Australian Government has concluded its formal coordinated response to the cyber attack on law firm HWL Ebsworth earlier this year that compromised data belonging to 65 government entities, the national cyber security coordinator has declared.
Air Marshal Darren Goldie announced on Monday 18 September that after 16 weeks of coordinated Australian Government assistance, HWL Ebsworth is now able to manage its response without further intervention from his department.
“I have determined we have reached an appropriate juncture to conclude the formal coordinated Australian Government response to this cyber incident,” Goldie said.
“Individual agencies will continue to assist affected clients and we stand ready to reactivate formal coordinated support if the incident evolves.
“HWL Ebsworth will continue to work directly with affected Australian Government agencies and private sector entities on the management of ongoing consequences. HWL Ebsworth continues to engage with the Office of the Australian Information Commissioner on notifications to affected individuals.”
In April, Russian-linked ALPHV/Blackcat ransomware group hacked the law firm, stealing 2.5 million documents and released one million of them on the dark web.
This included internal company files and personal employee data such as client documents, financial reports, accounting data, credit card information and employee CVs and IDs.
The firm, used by large commercial and government organisations, refused to pay a ransom of $US4.6 million (AUD$7.1 million) to the hackers and in June successfully secured a NSW Supreme Court injunction preventing the publication of the stolen data.
Goldie revealed the scale of the clients affected by the hack for the first time in a speech to The Australian Financial Review Cyber Summit on Monday, disclosing that 65 government departments and agencies had been affected, including the Australian Federal Police and the Department of Home Affairs.
Other known clients that were impacted include the Victorian and Tasmanian Governments and the National Disability Insurance Agency.
“As of 18 September 2023, a total of 65 Australian Government entities have been impacted, as direct clients of the firm through its legal and consulting services. A large number of private sector clients were also affected,” Goldie said.
“I stress that these agencies were clients of HWL Ebsworth and did not suffer a cyber incident themselves.
“The attack on HWL Ebsworth provides important lessons for Government and industry and insight into how we can more effectively respond to and rebound from future cyber incidents.”
Goldie will now lead a thorough review with the firm and stakeholders from the Australian Government, states and territories into lessons learned from the incident response.