OAIC to open investigation into HWL Ebsworth hack

The Australian information commissioner is launching an investigation into the personal information handling practices of HWL Ebsworth Lawyers following the data breach suffered in May of last year.

By Jerome Doraisamy, 21 February 2024, Big Law

In a statement issued earlier today (Wednesday, 21 February), the Office of the Australian Information Commissioner (OAIC) – the nation’s data protection authority – announced it had commenced an investigation of HWL Ebsworth’s personal information handling practices, following the authority’s preliminary inquiries into the incident, which commenced in June 2023.

The OAIC’s investigation, it detailed, will explore the firm’s “acts or practices in relation to the security and protection of the personal information it held, and the notification of the data breach to affected individuals”.

The OAIC was notified of the incident when it occurred in May of last year, when the national law firm fell victim to the ALPHV ransomware operation, which eventually published millions of documents on the darknet the following month.


Given HWL Ebsworth’s work with many government agencies, the incident impacted agencies such as Home Affairs and the Australian Federal Police (AFP). More than 60 government agencies, in total, were affected.

Earlier this month, the National Office of Cyber Security released the results of the Lessons Learned Review into the attack suffered by the BigLaw practice.

Commissioner Angelene Falk will, the OAIC continued, “have a range of options available to her” should the authority’s investigation result in her being satisfied that an interference with the privacy of one or more individuals has occurred.

This includes, the authority’s statement noted, “making a determination, which can include declarations that HWLE take specified steps to ensure that the relevant act or practice is not repeated or continued, and to redress any loss or damage suffered by reason of the act or practice”.

“If the investigation finds serious or repeated interferences with [the] privacy of individuals, then the commissioner has the power to seek civil penalties against HWLE from the Federal Court of Australia,” it said.

In accordance with its privacy regulatory action policy, the OAIC will await the conclusion of the investigation before commenting further, it added.

The news follows HWL Ebsworth’s promotion, earlier this month, of 64 lawyers to more senior roles, including eight to its partnership.

In a statement provided to Lawyers Weekly, a spokesperson for the BigLaw firm said: “We note the announcement by the OAIC. The privacy and security of our client and employee data is of the utmost importance.”

“Since becoming aware of this incident, HWL Ebsworth’s focus has been to ensure that we properly reviewed the stolen data and informed those impacted as swiftly as we could, and we have worked closely with impacted organisations to notify all affected individuals. We have offered support services to impacted individuals and took the additional step of obtaining an injunction to restrain further publication or dissemination of confidential information,” the spokesperson outlined.

“We will co-operate fully with the OAIC as they investigate this incident.”