The Queensland government has confirmed that files from its systems have been compromised as part of the HWL Ebsworth breach.
In a statement published on the Queensland government website, the state government said it is currently investigating the impact of the breach.
“The Queensland government is aware of a cyber incident and data breach impacting law firm HWL Ebsworth,” it said.
“The Queensland government is working with HWL Ebsworth and relevant Commonwealth agencies as the extent of the breach is investigated, including impacts to government information.
“This includes work to understand and manage potential consequences of the theft and publication of the data and to ensure that all notifications are made to affected parties where required.
“Specific enquiries relating to this incident should be directed to HWL Ebsworth.”
According to a spokesperson from the Queensland government, the breach saw a number of “documents relating to a limited number of department’s [sic] files” exposed.
“The Department of Home Affairs continues to work with HWL Ebsworth and affected government agencies as it investigates the extent of the breach, including exposure of Queensland government information and related consequences arising from this exposure,” the spokesperson added.
Like other state and federal government agencies, the Queensland government is working with HWL Ebsworth to determine the issue and is preparing to contact affected clients.
“The Queensland government takes the privacy of its data holdings seriously and is working with HWL Ebsworth to understand what information may have been disclosed.
“Should our clients’ personal information be affected, the individual departments will work with HWL Ebsworth to ensure affected individuals are notified as soon as possible, and offer assistance and support as required.”
The announcement from the Queensland government comes just after the Victorian government confirmed that several of its sensitive legal documents were published on the dark web.
“Following its announcement in April 2023 of a major cyber breach,” Victoria’s chief information security officer (CISO) said in a statement, “law firm HWL Ebsworth has now confirmed that information relating to its work with several Victorian government departments and agencies has been released by cyber criminals to the dark web”.
The HWL Ebsworth attack, which occurred back in April at the hands of the Russian state-backed hacking syndicate ALPHV (also known as BlackCat), resulted in a number of major companies, such as the big four banks, as well as government agencies and authorities, including the Australian Federal Police (AFP) and the Office of the Australian Information Commissioner (OAIC), being compromised.
Australia’s new national cyber security coordinator has made it his first order of business to investigate the HWL Ebsworth supply chain attack.
“My first order of business as national cyber security coordinator was to seek briefings from the Department of Home Affairs and HWL Ebsworth on the status of the response to the cyber incident,” said Air Marshal Darren Goldie, who was appointed to the role in June.
In an effort to prevent stolen data from the hack being used for malicious means, HWL Ebsworth has secured an NSW Supreme Court injunction to prevent the publishing of data.
However, cyber security experts say the injunction could prove to be not only ineffective but also counterproductive.
Brett Callow, ransomware researcher for New Zealand security firm Emsisoft, said this defensive strategy had been used before and could have the opposite effect.
“New Zealand’s Waikato District Health Board and the Irish Health Service Executive are among the other organisations to have taken similar courses of action, and it’s a somewhat risky strategy,” he told New Zealand publication ITWire.
“On the one hand, the injunction may dissuade casual looky-loos from accessing the data and also stop reporters from using it as the basis for stories.
“On the other hand, it’s unlikely to stop ALPHV from releasing the data and may actually provoke them into releasing it more quickly or distributing it more widely than they otherwise would.”
Callow named a specific instance in the US where obtaining an injunction led to data being released faster and with more malicious intent behind it.
“When US company Southwire obtained injunctions against the Maze ransomware group and its web host, Maze started to release the data on a Russian cyber crime forum with a note inviting people to ‘Use this information in any nefarious ways that you want’,” he said.