On 28 April 2023, Australian law firm HWL Ebsworth suffered a ransomware attack at the hands of the ALPHV (also known as BlackCat) threat group, stealing 2.5 million documents and releasing 1 million. This led to the largest supply chain attack seen in Australia.

Hundreds of organisations were affected by the incident, including high-profile organisations like the big four banks and a handful of government agencies, including the Office of the Australian Information Commissioner (OAIC) and the Department of Home Affairs.

After months of attempting to delay freedom of information requests and declining requests for public accessibility, the government released the full list of agencies affected by the breach on 21 December 2023.

Sixty-two agencies were affected by the incident, including the Department of the Prime Minister, the Department of Foreign Affairs, the Defence Portfolio, and more.

Speaking with The Australian, shadow cyber security minister Senator James Paterson (pictured) scathingly called out the government for the incident.

“The Albanese government has finally admitted they were victims of one of the largest-ever hacks on an Australian government, with an astonishing 62 departments and agencies exposed to the HWL Ebsworth data breach,” Senator Paterson said.

“Shockingly, among the lost data is – in the government’s own words – sensitive national security information, legal advice, personally identifying information of vulnerable people, including victims of crime and private medical information.

VIEW ALL

“Despite this, there is no evidence of any policy changes to make sure this does not happen again, or any consequences for those responsible.”

Responding to Senator Paterson’s words, the government iterated that agencies on the list were not all equally impacted.

“Inclusion on the list does not imply equal impact across these entities. Varying degrees of impact were observed, in both volume and sensitivity of records exposed,” the government said via The Australian.

“The data affected … is a matter of legal privilege, and as such, the Department of Home Affairs is unable to comment directly on the nature of the stolen data.

“However, the breach exposed a range of sensitive information … which included: legal advice provided to government entities; personal identifiable information relating to employees or clients of government entities, … vulnerable persons information, … government information, including potentially sensitive details of issues relating to national security and law enforcement, and litigation matters, including employment and immigration decisions, and; corporate information.’’

The HWL Ebsworth hack is one of the largest cyber attacks Australia has ever seen, affecting thousands of organisations. The breach spurred on the appointment of Air Marshal Darren Goldie as the first national cyber security coordinator, whose first role was to understand the breach and determine its impact.

The coordinator concluded in September that the law firm was now in a position to deal with the aftermath and response to the breach without government assistance.

“I have determined we have reached an appropriate juncture to conclude the formal coordinated Australian government response to this cyber incident,” Air Marshal Goldie said, “with HWL Ebsworth now able to manage its response without formal assistance from the Australian government”.

“Individual agencies will continue to assist affected clients, and we stand ready to reactivate formal coordinated support if the incident evolves.”

HWL Ebsworth, a law firm that has been paid millions of dollars for its government work over the years, has said that it has bolstered its cyber security following the incident.