National legal giant HWL Ebsworth has confirmed it is investigating claims from a Russia-linked hacking group that says it is in possession of 4 terabytes of data from the firm’s internal company files.
ALPVH, also known as BlackCat, added HWL Ebsworth to its ‘victim list’ last Friday, claiming it downloaded data from company file services including internal company data, client documentation, a complete network map and more.
While HWL Ebsworth has not confirmed the veracity of ALPVH’s claims, the firm says it is working with third-party experts to confirm whether or not any company data was actually stolen and to ensure the ongoing safety and security of its systems.
“On Friday evening we became aware that an unauthorised third party was claiming to have extracted a significant amount of data from our firm,” the firm says via a media statement.
“As soon as we learned of this potential incident, we acted quickly to respond to the threat and have been working with third-party experts to determine the validity of the claims, and to ensure the ongoing safety and security of our systems.
“We have notified the Australian Cyber Security Centre and will continue to work with them throughout the course of our investigation. At this time, we are still determining the credibility of the claims made and the potential impact to any data. There is no evidence that any third party is currently accessing our systems and no signs of encryption have been detected.”
If ALPHV’s claims are to be believed, the hacking group is in possession of a major collection of personal information and customer documents.
This includes the personal data of employees, financial reports, accounting data, insurance documents, client credit card information, loan data, and credentials for local and remote services.
The news comes after a string of high-profile data breaches at major Australian companies - most recently at personal loans provider Latitude Financial (ASX: LFS) which revealed in March that close to eight million Australian and New Zealand drivers licence numbers were stolen in a cyber attack.
Other major data breaches in recent months include a leak at telco Optus which saw 10 million current and former customers have their personal data compromised. This led to a class action lawsuit from legal firm Slater and Gordon (ASX: SGH) which is alleging the company failed to protect customers from the breach.
Private health insurer Medibank (ASX: MPL) was also hit with three separate actions relating to a security breach last year that led to the theft of personal data from 9.7 million customers, including the most recent lawsuit from US-based Quinn Emanuel Urquhart & Sullivan.
Enjoyed this article?
Don't miss out on the knowledge and insights to be gained from our daily news and features.
Subscribe today to unlock unlimited access to in-depth business coverage, expert analysis, and exclusive content across all devices.
Support independent journalism and stay informed with stories that matter to you.