Hacked law firm HWL Ebsworth accused of ’stifling accurate public reporting’ following Russian cyber hack

Top-tier law firm HWL Ebsworth and the federal government has been accused of ‘stifling accurate public reporting’.

2 min read

9:46PMJune 18, 2023

Ransom demands sent to law firm HWL Ebsworth after 4 terabytes of data were stolen by Russian hackers. Picture: Supreme Court of NSW

Top-tier law firm HWL Ebsworth and the federal government have been accused of “stifling accurate public reporting” after the law firm was hit with a demand for more than $6m in cryptocurrency by Russian hackers.

It was part of an elaborate extortion attempt in which terabytes of highly sensitive information about HWL Ebsworth’s government, commercial and private clients was stolen.

Opposition home affairs spokesman James Paterson accused the law firm of trying to “shut down public conversation” by obtaining a court injunction and slammed the Albanese government for failing to appoint its promised cybersecurity co-ordinator.

“It’s really one of the most serious ever data leaks involving Australian government data; it’s hard to think of a more serious one than this, because of the sensitivity of the agencies and the material involved,” Senator Paterson said.

Russian cyber hackers compromise top-secret defensive data in historic breach

Last Monday HWL Ebsworth, which boasts the largest number of partners of any law firm in Australia, was granted an urgent ex parte injunction limiting the public knowledge of the content of the hacked data.

At least 45 departments and agencies fear data they shared with the firm has been compromised, due to the data including “incredibly sensitive material” from across the federal government, including in national security-related portfolios.

According to court documents obtained by The Australian, 3.6 terabytes of data, comprising 2.37 million files, is believed to have been stolen by Russian hacker group ALPHV, also known as BlackCat.

The material includes defence-related documents relating to the redevelopment of the secret Woomera missile testing site in South Australia, the $3bn plan to replace Australia’s fleet of Taipan attack helicopters and the Indo-Pacific enhanced engagement strategy, which is designed to counter Chinese influence in the Pacific.

The injunction, granted on the King’s Birthday long weekend, attempts to prohibit the hackers from releasing any more of the stolen data, and prohibits any “third party”, including the media, from using the data “for any purpose”.

Opposition home affairs spokesman Senator James Paterson. Picture: Kym Smith

Senator Paterson said the breach should not have been made public through journalists, but instead should have been “proactively” disclosed.

“We should be learning about it because the government was on the front foot and was proactively being upfront and honest with the Australian people about the severity of the breach that’s happened and sharing what they do know,” he said.

Senator Paterson said he was surprised the firm was attempting to “shut down public conversation” about the hack, labelling the application for an injunction – which didn’t occur when Medibank or Optus were hacked – “unorthodox and unprecedented”.

An HWL Ebsworth spokesman told The Australian on Sunday that the firm acted to “prevent any further broader access to, or dissemination of, the data in the interests of our clients, our employees, and our firm”.

“Public discussion of data breaches affecting organisations in Australia, including ours, is appropriate, but it cannot come at the expense of our clients’ rights to protect their confidential information.”