Big four banks clients of law firm HWL Ebsworth hit by Russian cyber attack
Some of the nation’s largest corporations, clients of HWL Ebsworth, are trying to see what data has been stolen by the Russian hackers who infiltrated its IT systems.
Australia’s four largest banks have confirmed they are all clients of HWL Ebsworth and are urgently working to establish what data has been stolen by Russian hackers who infiltrated the law firm’s IT systems.
ANZ, Commonwealth Bank and Westpac said they were working alongside HWL Ebsworth to investigate what data had been exposed, and whether customer or employee details had been compromised.
The National Australia Bank had already confirmed its exposure, after the hackers posted online that they had accessed NAB’s data.
Another of the firm’s clients, financial services company AMP, also said it was looking to see if any of its data had been compromised.
The banks are thought to be among thousands of private clients, and dozens of government agencies, caught up in the hack, in which Russia-linked ransomware gang BlackCat hacked into HWL’s Melbourne servers in April and stole four terabytes of data, posting about a quarter of it online when the company refused to pay a ransom.
As details begin to emerge of the scale of the hack, The Australian can confirm HWL Ebsworth has previously represented “confidential clients’’ who sought immunity from prosecution from the Australian Competition & Consumer Commission.
“Confidential clients in seeking immunity from prosecution from the ACCC and all dealings with the ACCC in running multiple immunity processes,’’ it says on its website.
The firm also represented the Department of Human Services and Medicare on the highly confidential and controversial My Health Record, Australia’s national electronic health records system, advising the government agencies on privacy, software licensing, third-party contracts and agency agreements.
Neither the ACCC nor the law firm would confirm if such sensitive data was among the many millions of documents stolen by BlackCat, also known as ALPHV and Alpha Spider.
The ACCC is also a client of HWL Ebsworth, with a spokesman saying the firm had been engaged “in a limited capacity in recent years’’.
“At this stage we understand that a very small number of ACCC documents may have been affected by the recent data breach,” the spokesman said. “We are continuing to monitor and receive updates and are working through the implications of the situation.’’
The large banks are among dozens of ASX-listed companies HWL Ebsworth has represented in recent years.
Unlike in the hacks of Optus, Medibank and Latitude in recent months, it seems unlikely mass customer data was stolen.
However, an unknown number of drivers’ licences are known to have been stolen, which heightens the risk of identity fraud. It is not known if the licences belong to bank customers or to people who had other interactions with the law firm.
A Commonwealth Bank spokesman said HWL provided “some legal services to CBA. We are managing this as an urgent priority and are in regular contact with HWL Ebsworth to understand developments as their investigation is under way.”
On its website, HWL Ebsworth indicates it has worked for ANZ to “advise employed traders in relation to ACCC and ASIC investigations’’.
An ANZ spokesman said the bank was a client of HWL Ebsworth. “We are working with HWLE and others to understand and address the potential exposure, and we will directly contact those employees and customers who may have been impacted,’’ the spokesman said.
Westpac’s spokesman said the bank was aware of the data breach affecting the law firm.
“Westpac has been liaising with HWL Ebsworth as they investigate the breach and notify any affected individuals. Westpac systems are unaffected,’’ he said.
Scentre, the company behind shopping mall behemoth Westfield, has also used HWL Ebsworth on occasion. The company declined to comment.
The NSW government, also a client, said it was working with the firm, law enforcement and commonwealth agencies to respond to the cyber attack.
“If any customers have questions about protecting their identity, they can contact ID Support on 1800 001 040,” a spokesman said.
Another client, the ACT government, has confirmed HWL Ebsworth was a “legal service provider to the territory’’ and had advised it about the cyber incident.
“The ACT government continues to actively engage with HWL Ebsworth as the extent of the breach is investigated,” a spokesman for Chief Minister Andrew Barr said.
“The ACT government also continues to participate in the arrangements led by the Department of Home Affairs.”
The Tasmanian government, which also uses HWL Ebsworth, had earlier confirmed it was investigating whether any of its data had been compromised.
On its website, the law firm says it became aware on April 28 of a post on a dark web forum from ALPHV/BlackCat claiming to have exfiltrated data from the company.
“The investigation indicates the threat actor had accessed and exfiltrated certain information on a confined part of the firm’s system, but not on our core document management system,’’ it says.
“On 9 June 2023, we became aware that the threat actor had published on their dark web forum at least some of the data they claim to have taken.’’
More Coverage
Uni sets up safe room for Jewish students
A university in Sydney has set up a high-security ‘safe room’ for Jewish students after some reported feeling at risk due to anti-Semitism on campus.
Cocktail hour at the Lodge for teals who could choose next PM
Teal and independent MPs received last-minute invitations for 6.30pm drinks at the Prime Minister’s residence on Monday and Tuesday, marking the first time that the teals have travelled to the Lodge since the 2022 election | WATCH