iscover
Naomi NeilsonShare this article on:
Powered by
MOMENTUM
MEDIA
The privacy watchdog has received a representative complaint against HWL Ebsworth over its 2023 data hack.
The National Justice Project filed a complaint with the Office of the Australian Information Commissioner (OAIC) on behalf of a National Disability Insurance Scheme (NDIS) participant who said he is concerned he will be a victim of HWL Ebsworth’s breach.
The firm was hit by the ALPHV ransomware operation last May, resulting in millions of documents being published on the darknet.
The National Disability Insurance Agency was one of 65 government agencies hit by the breach, and reports suggested it impacted NDIS participants, prospective participants, their families, and staff.
“The National Justice Project has intervened on behalf of those affected by the breach because it includes the personal and health records of vulnerable individuals living with a disability.
“They may not have been provided with adequate support from HWL Ebsworth, NDIA and other government departments and organisations to mitigate any harm arising from the breach,” CEO George Newhouse said.
NDIS participant Richard Hamon said his vision impairment impedes his ability to “review and assess the legitimacy of his emails”.
Hamon said the breach has already impacted his mental and physical health, relationships and overall quality of life.
He added he is concerned there are not enough legal protections for individuals who are impacted “at no fault of their own”.
Concerned calls reached Greens Senator Jordon Steele-John, who said more needs to be done to protect participant’s information.
“This speaks to the urgent need for stronger protections for participant’s privacy around their data, and also for better … rules around what information the agency has and when and how that information is shared with third parties,” Steele-John said.
The National Justice Project also called for urgent reform.
The OAIC already commenced a separate investigation into HWL Ebsworth, announcing back in February that it would explore the firm’s “acts or practices in relation to the security and protection of the personal information it held, and the notification of the data breach to affected individuals”.
At the time, the OAIC said it would have “a range of options available” if the investigation resulted in it being satisfied an interference with the privacy of one or more individuals had occurred.
“If the investigation finds serious or repeated interferences with [the] privacy of individuals, the commissioner has the power to seek civil penalties against HWLE from the Federal Court of Australia,” it said.
Following this announcement, HWL Ebsworth said it would cooperate fully with the OAIC investigation.
“Since becoming aware of this incident, HWL Ebsworth’s focus has been to ensure that we properly reviewed the stolen data and informed those impacted as swiftly as we could, and we have worked closely with impacted organisations to notify all affected individuals.
“We have offered support services to impacted individuals and took the additional step of obtaining an injunction to restrain further publication or dissemination of confidential information,” the statement said.
In February, Justice Michael Slattery said there was some “utility” in making a final interlocutory injunction against the hackers.
The National Justice Project news comes after a big fortnight for HWL Ebsworth, with it recently announcing it has finalised a new leadership and governance structure following the death of managing partner Juan Martinez.
On Tuesday (25 June), the firm promoted 79 lawyers to senior roles, and six moved into its partnership.
HWL Ebsworth was approached for comment but did not respond by the time of filing this story.
This article was originally published on Cyber Daily’s sister brand, Lawyers Weekly.
Be the first to hear the latest developments in the cyber industry.
