HWL Ebsworth suffers data breach
National firm HWL Ebsworth is the latest BigLaw practice in Australia to have an unauthorised party allegedly access its data, with a spokesperson saying hackers are claiming a “significant amount” of data had been breached.
Editor’s note: This story has been updated to note that hackers are claiming to have accessed data, while an earlier version incorrectly noted the firm had confirmed data had been breached. Lawyers Weekly regrets the error.
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
At the end of last month, Lawyers Weekly detailed why law firms, big and small alike, “must take note” of the data breach suffered by ASX-listed BigLaw practice IPH Limited. Now, there is another BigLaw firm whose experience fellow practices must be aware of.
HWL Ebsworth — which has nine offices across the country and perhaps the biggest partnership of any law firm in Australia — has confirmed that it is investigating an alleged data breach.
As reported on Monday (1 May) by AFR, Russia-linked hacking group ALPHV, also known as BlackCat, has claimed to have four terabytes of data from the national law firm’s servers, from internal company files and personal employee data, including CVs, IDs and financial reports, through to client documents, such as loan data, credit card information and financial data.
The news follows the recent data breach suffered by IPH, which alerted the market to a breach in its systems in mid-March.
By the end of March, IPH had identified, during the course of its investigation, that the breach had been contained to two of its member firms, and by the time that investigation had concluded, the listed firm said that it would likely incur millions in non-underlying costs for tackling the breach, investigating it, engaging external forensic and legal experts, not to mention any client or shareholder actions or regulatory costs.
In a statement provided to Lawyers Weekly, HWL Ebsworth chief strategy officer Russell Mailler said that the firm became aware on Friday night (28 April) that an unauthorised third party was claiming to have “extracted a significant amount of data” from the national practice.
“The privacy and security of our client and employee information is of the utmost importance to us. As soon as we learned of this potential incident, we acted quickly to respond to the threat and have been working with third-party experts to determine the validity of the claims, and to ensure the ongoing safety and security of our systems,” Mr Mailler said.
The firm has notified the Australian Cyber Security Centre and is continuing to work with it throughout the course of the investigation.
“At this time, we are still determining the credibility of the claims made and the potential impact to any data. There is no evidence that any third party is currently accessing our systems, and no signs of encryption have been detected,” he outlined.
“We will continue to provide updates to our stakeholders, as appropriate, as new information becomes available. While investigations are ongoing, our operations are not impacted, and our focus remains on providing exceptional service for our clients to the high standards of our firm.”
Late last month, Lawyers Weekly spoke with numerous cyber partners at national firms about what lessons legal practices must learn from the experience of IPH.
As reported by Lawyers Weekly in mid-April, new research has found that the majority of legal professionals have no confidence in their firm’s ability to detect and respond to security breaches.