The continuing ripples from the HWL Ebsworth data breach; NAB bank data leaked online

June 20, 2023 |

Large data breaches are rarely resolved quickly. That is why I am so surprised that organisations with the means and structures are so complacent with their data security. The focus is minimal compliance rather than security that is fit for purpose. The HWL data breach will be a long and excruciating process. The latest development is that data belonging to NAB have been found on line. See the Australian’s story NAB the latest to be confirmed as victim of HWL Ebsworth hack, with bank data leaking online . Beyond the revelation that the NAB has been affected the article itself is something of a reheating of earlier reporting. 

NAB has been motivated to issue a statement which provides:

“We are aware that HWL Ebsworth, a law firm engaged by NAB for some legal services, has been impacted by a cyber-attack. NAB’s systems were not impacted and remain secure. We are working with HWLE as they continue to get more information in relation to the content of these matters.”

There will be more statements like this from affected HWL Ebsworth clients (or ex clients). 

Based on the limited information provided to date it appears that the transfer of documentation from clients to the firm was not through access provided to the firm, as often happens with third party services providers working with an entity.  In those circumstances the danger is the initial hack will give rise to another hack as permissions and authorisations are stolen and used to access the other organisation.  Here HWL Ebsworth and its clients probably adopted the more traditional, and logical, means of transfer of documents.  The clients provided what the firm needed to provide the legal service and that transfer would have been by one of a number of transfer means, none of which involved the clients providing the firm with access to their sites. 

The Australian article provides:

The National Australia Bank is among the clients of HWL ­Ebsworth whose dealings with the law firm appears to have been leaked online.

The cyber criminals accessed the servers of individual employees, copying their documents and downloads, among other data.

NAB’s own IT systems have not been hacked, meaning large-scale customer data theft is highly unlikely. The compromised data would more likely relate to specific legal issues where NAB hired HWL Ebsworth to provide advice.

“We are aware that HWL Ebsworth, a law firm engaged by NAB for some legal services, has been impacted by a cyber-attack,’’ a NAB spokesperson said.

“NAB’s systems were not impacted and remain secure. We are working with HWLE as they continue to get more information in relation to the content of these matters.”

The Russia-linked ransomware gang BlackCat, also known as AlphV or Alpha Spider, hacked HWL Ebsworth’s Melbourne servers in late April, and tried to extort the company into paying a ransom. When the company ­refused, the hackers posted some of the data online.

An injunction taken out by the law firm on viewing or disseminating the data has sought to mute public discussion about the hack, but sources in Canberra say there are thousands of companies, organisations and individuals caught up in the attack.

Affected parties have to wait to be told by HWL Ebsworth what documents have been stolen, and three sources have told The Australian that the injunction has frustrated their efforts to do their own forensic investigations into what had been lost.

Publicly identified clients of HWL Ebsworth include the Tasmanian government, and numerous federal departments and agencies including Defence, Home Affairs, Attorney-General’s Department, Treasury and the Australian Federal Police.

Documents relating to sensitive issues including the Woomera range missile testing site in South Australia, Defence’s $3bn replacement program for its ­attack helicopters, and Australia’s engagement in the Indo-Pacific and Solomon Islands have also been leaked.

The cache of compromised data is thought to include documents that are up to 20 years old. Other data including driver’s ­licences have been leaked.

While big government departments are refusing to say what data they have lost, smaller agencies including the Office of the Australian Information Commissioner and the NDIS Quality and Safeguards Commission have confirmed their data was compromised.

Government officials are holding daily meetings to try to determine the federal exposure to the leak. While it is highly unlikely any top-secret or classified documents were held by HWL Ebsworth, due to their security classification, the government is deeply concerned there is sensitive and politically embarrassing material available on the dark web.

HWL Ebsworth said on Monday night that it “continue(s) to work through a detailed and comprehensive review of the impacted data and informing impacted third parties and individuals as swiftly as we can.

“We have an ongoing engagement with relevant authorities in relation to this process, including the Office of the Australian Information Commissioner.’’

Leave a Reply

Verified by MonsterInsights