
16 AFP members at serious risk following HWL Ebsworth breach

Fallout from the HWL Ebsworth breach has left 16 current and former Australian Federal Police (AFP) personnel among those most at risk.

Daniel Croft
Thu, 26 Oct 2023

Responding to questioning by Senator and shadow cyber security minister James Paterson, AFP chief operating officer Charlotte Tressler revealed that a total of 67 current and former AFP members were affected in the breach.

“Overall, 67 current and former AFP appointees were affected. Fifty-one of those weren’t related to what we call a notifiable breach,” she said.

“That sort of information included things like mobile phone numbers, names, et cetera. We did have 16 current and former members that did have a notifiable breach, and we assessed that there would be a potential risk of serious harm to those appointees.”

While Tressler did not specify the nature of the critical information released for the 16, she told Paterson that the AFP is evaluating its processes and the way it will screen the security standards of third-party service providers in the future.

“We’re looking at a range of matters into that. In particular, we’re looking at what we’re calling a third-party risk management handbook, which is being drafted,” she said.

“We’re still going through our clearance processes but need to have that in place. It will look at roles and responsibilities for key stakeholders, deadlines, and time frames around our procurement processes, ensuring that we’re assessing the risk is associated with particular arrangements.

“We [are] also refreshing the risk assessment process that we use when contracting with providers. From a legal perspective as well, we’ve been strengthening the standard clauses that get included into a contract so that we’ve got greater protections.

“Our IT area is also looking at trialling a tool that will help strengthen these arrangements further.”

Tressler also added that the AFP had engaged support services for the 16 critically affected AFP personnel.

On top of IDCARE, the national identity and cyber support community service that HWL Ebsworth had engaged for victims, the AFP has also offered them security advice, as well as tips for mitigating the impact they may face. It also offered mental health and wellbeing support.

Paterson also inquired about the nature of the stolen data, asking if it was recent or from a long time ago, which would indicate poor data retention policies on HWL Ebsworth’s part.

Tressler requested the question be taken on notice.

The HWL Ebsworth breach of April 2023 rocked the nation, affecting 65 government agencies, including the Office of the Australian Information Commissioner (OAIC) and major organisations like the big four banks.

In September, the hacking group claiming responsibility for the breach, ALPHV, published 1.1 terabytes of the data it claimed to have stolen, which was later found to be 3.6 terabytes of data.

In response to the breach, HWL Ebsworth took a number of measures to limit its impact, including a court injunction that “seeks to prohibit further access to, use, dissemination or publishing of the data disclosed on the dark web, including by the media”, saying it believed this would be against public interest.

Despite experts warning that cyber criminals who have already committed crimes by stealing the data were unlikely to adhere to the injunction, it went ahead.

This has landed HWL Ebsworth in even more hot water, as the injunction meant only HWL Ebsworth itself could analyse the data and inform those whose data was compromised, and some of its victims have only just been notified about being impacted, six months after the breach occurred.

The law firm claimed that it took so long to notify the victims because a large volume of data was stolen and determining what was compromised and who was affected required manual analysis.

“A very large volume of data was extracted, but it was not immediately apparent the extent of the impact to personal information,” said HWL Ebsworth.

“A complex manual review was needed to assess what personal information was involved and identify affected persons.”

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding of and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music and spends his time playing in bands around Sydney.
