Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Full list of government agencies affected by HWL Ebsworth hack revealed

The full list of government agencies affected by the HWL Ebsworth cyber attack has been released by the government, revealing that the impact of the breach was much greater than originally believed.

user icon Daniel Croft
Mon, 15 Jan 2024
Full list of government agencies affected by HWL Ebsworth hack revealed
expand image

On 28 April 2023, Australian law firm HWL Ebsworth suffered a ransomware attack at the hands of the ALPHV (also known as BlackCat) threat group, stealing 2.5 million documents and releasing 1 million. This led to the largest supply chain attack seen in Australia.

Hundreds of organisations were affected by the incident, including high-profile organisations like the big four banks and a handful of government agencies, including the Office of the Australian Information Commissioner (OAIC) and the Department of Home Affairs.

After months of attempting to delay freedom of information requests and declining requests for public accessibility, the government released the full list of agencies affected by the breach on 21 December 2023.

============
============

Sixty-two agencies were affected by the incident, including the Department of the Prime Minister, the Department of Foreign Affairs, the Defence Portfolio, and more.

Speaking with The Australian, shadow cyber security minister Senator James Paterson scathingly called out the government for the incident.

“The Albanese government has finally admitted they were victims of one of the largest-ever hacks on an Australian government, with an astonishing 62 departments and agencies exposed to the HWL Ebsworth data beach,” Paterson said.

“Shockingly, among the lost data is – in the government’s own words – sensitive national security information, legal advice, personally identifying information of vulnerable people, including victims of crime and private medical information.

“Despite this, there is no evidence of any policy changes to make sure this does not happen again, or any consequences for those responsible.”

Responding to Paterson’s words, the government iterated that agencies on the list were not all equally impacted.

“Inclusion on the list does not imply equal impact across these entities. Varying degrees of impact were observed, in both volume and sensitivity of records exposed,” the government said via The Australian.

“The data affected … is a matter of legal privilege, and as such, the Department of Home Affairs is unable to comment directly on the nature of the stolen data.

“However, the breach exposed a range of sensitive information … which included: legal advice provided to government entities; personal identifiable information relating to employees or clients of government entities … vulnerable persons information … government information, including potentially sensitive details of issues relating to national security and law enforcement, and litigation matters, including employment and immigration decisions, and; corporate information.’’

The HWL Ebsworth hack is one of the largest cyber attacks Australia has ever seen, affecting thousands of organisations. The breach spurred on the appointment of Air Marshal Darren Goldie as the first national cyber security coordinator, whose first role was to understand the breach and determine its impact.

The coordinator concluded in September that the law firm was now in a position to deal with the aftermath and response to the breach without government assistance.

“I have determined we have reached an appropriate juncture to conclude the formal coordinated Australian government response to this cyber incident,” Air Marshal Goldie said, “with HWL Ebsworth now able to manage its response without formal assistance from the Australian government”.

“Individual agencies will continue to assist affected clients, and we stand ready to reactivate formal coordinated support if the incident evolves.”

HWL Ebsworth, a law firm that has been paid millions of dollars for its government work over the years, has said that it has bolstered its cyber security following the incident.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.