In answers to questions on notice, the government revealed the Department of Home Affairs had obtained a list of departments and agencies affected by the hack, described by Cyber Security Minister Clare O’Neil as being on par with the Optus, Medibank and Latitude hacks of last year.

The government declined to release the list, and confirmed that four months after the hack by ransomware gang BlackCat/ALPHV, it had not yet notified affected individuals that their data had been compromised.

Senator Murray Watt, speaking on behalf of Ms O’Neil, said the Department of Home Affairs “has received a list of Australian government departments and agencies that may have been impacted by the HWL cyber security incident”. “Not all departments and agencies within that list have been able to confirm they have been impacted by the incident,’’ he said in response to questions from opposition cyber security spokesman James Paterson.

“The Department of Home Affairs cannot answer questions on (the) nature of the compromised data for other Australian government departments and agencies (but) the compromised data includes a range of personally identifiable information relating to Australian government employees and clients/customers, corporate information and commercially sensitive information.

“In relation to the department’s data, HWL Ebsworth is analysing the impacted data sets to identify the nature of the information contained in the data.’’

A spokesperson for Ms O’Neil said Home Affairs was aware some of its data had been exposed.

“HWL Ebsworth has begun notifying affected individuals with the assistance of the department,’’ the spokesperson said.

“The National Cyber Security Co-ordinator is working closely with HWL Ebsworth to better understand the issues relating to the nature of the data impacted and the process for notifying affected individuals.’’

The hack of 2½ million documents from Australia’s largest commercial law firm has impacted multiple agencies across the federal government, state governments including Tasmania, Victoria, Western Australia and Queensland, and major companies including the four big banks.

Judo Bank and airline Regional Express (Rex) are the two latest companies to advise they also lost data.

Despite having 63 federal government clients and contracts worth more than $100m, HWL Ebsworth and other law firms are not on the critical infrastructure register and do not fall under the Security of Critical Infrastructure (SOCI) Act that places greater cyber security obligations on companies listed on the register.

HWL Ebsworth has not explained specifically how the hackers were able to compromise the company’s Melbourne servers, but it said it had “hardened our systems’’.

Senator Paterson has been trying for months to find out which agencies were impacted, and how the government was notifying affected persons whose data had been compromised.

“It is disturbing that four months on from this serious cyber incident, those who may have been affected have still not been notified and the government is still not certain which departments have been hit or what data they have lost,’’ he said. “This should be an immediate priority of the newly appointed National Cyber Security Co-ordinator.’’

None of HWL Ebsworth’s clients’ computer systems were hacked, but their communications, including emails, spreadsheets, identification and other documents exchanged with the law firm have been compromised.

The National Disability Insurance Agency, one of the government organisations hacked, has many vulnerable clients and some of those have also been ­impacted.

Anyone concerned their data may have been compromised is asked to call the NDIA on 1300 216 807.

More Coverage

Defence loses top secrets in hack

Ellen Whinnett

Russian hackers may have data from 40 departments

Ellen Whinnett

Banks exposed in law firm cyber attack

ELLEN WHINNETT, LIAM MENDES

Medibank won’t release report into cyber attack

David Swan

Ellen WhinnettAssociate editor

Ellen Whinnett is The Australian's associate editor. She is a dual Walkley Award-winning journalist and best-selling author, with a specific interest in national security, investigations and features. She is a former political editor and foreign correspondent who has reported from more than 35 countries across Europe, Asia and the Middle East.

@ellenwhinnett

Ellen Whinnett

More related stories

Politics

Jewish leaders: put Greens last on ballot

Two of the nation’s leading Jewish groups have sought public commitments from Anthony Albanese and Peter Dutton for the major parties to preference each other over the Greens at the next election.

Read more

Politics

Diplomat’s partner in post-rugby slur at cops

Footage has emerged of an ­Australian diplomat’s partner apparently yelling a homo­phobic slur at police during his arrest after the Bledisloe Cup rugby match in New Zealand last month.

Read more