"Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack"

The Office of the Australian Information Commissioner (OAIC) recently announced that some of its files were stolen in a ransomware attack on law firm HWL Ebsworth.  One of the largest law firms in Australia, HWL Ebsworth, stated that it became aware of the incident on April 28, after the Alphv/BlackCat ransomware gang boasted about the hack, and that it immediately informed the Australian authorities and started investigating the incident.  The investigation indicates the threat actor had accessed and exfiltrated certain information on a confined part of the firm’s system but not on their core document management system.  On June 9, HWL Ebsworth noted that the ransomware group published on their leak site some of the data allegedly stolen from its systems.  The law firm says it has yet to determine the full impact of the data breach and that it will notify all individuals whose personal information might have been compromised.  On Saturday, June 10, HWL Ebsworth advised the OAIC that a document or documents relating to a limited number of OAIC files were included in the breach experienced by HWL Ebsworth.  The incident reportedly impacted the NDIS Quality and Safeguards Commission, the Australian Federal Police, the Commonwealth Director of Public Prosecutions, the Department of Defence, the Department of Home Affairs, the Department of Foreign Affairs, and the Taxation Office as well.  The National Australian Bank (NAB), one of the four largest banks in the country, also disclosed some impact from the incident, stating that a small percentage of its customers might have been affected.  The Alphv/BlackCat ransomware gang has leaked roughly 1.5 terabytes of data from the roughly 3.6 terabytes it allegedly stole from HWL Ebsworth.

SecurityWeek reports: "Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack"