You have 0 free articles left this month.
Advertisement
Big Law

Legal Practice Board of WA says no data published following May ransomware attack

The board’s executive director has said data published by hackers “does not relate to the board”.

September 01, 2025 By David Hollingworth
Share this article on:
expand image

Editor’s note: This story first appeared on Lawyers Weekly’s sister brand, Cyber Daily.

Months after being listed as a victim of a ransomware attack on the leak site of the threat actor, the Legal Practice Board of Western Australia has confirmed that – so far – no allegedly stolen data has been published by the cyber criminals.

 
 

“Some limited corporate correspondence was disclosed on Tuesday, 27 May, which was removed within 24 hours following takedown efforts,” Libby Fulham, Executive Director of the Legal Practice Board, recently told Cyber Daily.

“This correspondence contained minimal contact information, some operational and resourcing information, and bank account details for the board and a very small number of third parties who have been directly notified.”

Fulham said the board has been monitoring the darknet for any further activity by the hackers, given the hacker’s threat of publishing the data in June.

“On 19 June 2025, the third party published a link to some data, claiming it related to the board,” Fulham said.

“We reviewed this data and can confirm that this data does not relate to the board. We are continuing to monitor for any further disclosures – we have not detected any further dark web activity at this time.”

The board has also obtained an injunction to “prevent any access, dissemination or sharing of data impacted by this incident”. The incident did cause disruption to some of the board’s systems, and is now issuing practising certificates directly to practitioners via their email.

As of the time of writing, the leak post referencing the hack is still live, with its claims of having compromised 300 gigabytes of financial documents, commercial contracts, legal documents, and employee information. However, while the leak post features a link to an “information disclosure address” that hosts all of the threat actor’s leaked data, there is no folder for the Legal Practice Board.

Little is currently known about the hacker's operation, and it has so far claimed 39 victims since it first emerged in late May. According to the group’s About page, “We are a group of hackers who only seek money.”

The gang claims to utilise double-extortion techniques, both stealing and threatening to publish data, and encrypting that data, forcing victims to pay a ransom to purchase a decryptor to unlock their files.

The Legal Practice Board of Western Australia is a public sector, independent statutory authority that issues practising certificates and assists the Supreme Court of Western Australia with new admissions.

“The board also supports the legal profession and the community by providing educational and professional development services, and promoting clear and comprehensive information,” the board says on its website.

In the 2023–24 financial year, the board issued 8,094 practising certificates.