Law firm HWL Ebsworth investigating potential data breach from notorious hacking group

Law firm HWL Ebsworth investigating potential data breach from notorious hacking group

National legal giant HWL Ebsworth has confirmed it is investigating claims from a Russia-linked hacking group that says it is in possession of 4 terabytes of data from the firm’s internal company files.

ALPVH, also known as BlackCat, added HWL Ebsworth to its ‘victim list’ last Friday, claiming it downloaded data from company file services including internal company data, client documentation, a complete network map and more.

While HWL Ebsworth has not confirmed the veracity of ALPVH’s claims, the firm says it is working with third-party experts to confirm whether or not any company data was actually stolen and to ensure the ongoing safety and security of its systems.

“On Friday evening we became aware that an unauthorised third party was claiming to have extracted a significant amount of data from our firm,” the firm says via a media statement.

“As soon as we learned of this potential incident, we acted quickly to respond to the threat and have been working with third-party experts to determine the validity of the claims, and to ensure the ongoing safety and security of our systems.

“We have notified the Australian Cyber Security Centre and will continue to work with them throughout the course of our investigation. At this time, we are still determining the credibility of the claims made and the potential impact to any data. There is no evidence that any third party is currently accessing our systems and no signs of encryption have been detected.”

If ALPHV’s claims are to be believed, the hacking group is in possession of a major collection of personal information and customer documents.

This includes the personal data of employees, financial reports, accounting data, insurance documents, client credit card information, loan data, and credentials for local and remote services.

The news comes after a string of high-profile data breaches at major Australian companies - most recently at personal loans provider Latitude Financial (ASX: LFS) which revealed in March that close to eight million Australian and New Zealand drivers licence numbers were stolen in a cyber attack.

Other major data breaches in recent months include a leak at telco Optus which saw 10 million current and former customers have their personal data compromised. This led to a class action lawsuit from legal firm Slater and Gordon (ASX: SGH) which is alleging the company failed to protect customers from the breach.

Private health insurer Medibank (ASX: MPL) was also hit with three separate actions relating to a security breach last year that led to the theft of personal data from 9.7 million customers, including the most recent lawsuit from US-based Quinn Emanuel Urquhart & Sullivan.

Get our daily business news

Sign up to our free email news updates.

 
Finexia’s Childcare Income Fund secures ‘very strong’ rating from Foresight Analytics & Ratings
Partner Content
Private credit specialist Finexia Financial Group (ASX: FNX) has secured a “very...
Finexia
Advertisement

Related Stories

Gordon Legal and Hayden Stephens and Associates team up to investigate Latitude legal action

Gordon Legal and Hayden Stephens and Associates team up to investigate Latitude legal action

Two Australian law firms have joined forces to investigate the poss...

Optus hit with Slater and Gordon class action over last year’s data breach

Optus hit with Slater and Gordon class action over last year’s data breach

Telco Optus has been hit with a class action from law firm Slater a...

Medibank withholds Deloitte findings into cyberattack

Medibank withholds Deloitte findings into cyberattack

Private healthcare insurer Medibank (ASX: MPL) has revealed it will...

Latitude refuses to pay ransom to cyber criminals

Latitude refuses to pay ransom to cyber criminals

Latitude Financial (ASX: LFS) has refused to pay a ransom demand is...