Newly appointed cyber security tsar reports that sensitive personal and government information stolen from HWL Ebsworth has been posted on the dark web

July 5, 2023 |

The Australian Cyber Security Co ordinator, Darren Goldie, has confirmed in a statement that the HWL Ebsworth data breach has resulted in personal information and government information being posted on the dark web. This is confirmation of what has been known for some little time. It is covered in the Australian article HWL ­Ebsworth hack: ‘Sensitive personal and government information’ published on dark web, Darren Goldie reveals. It is also covered by Cyber Security Connect with New national cyber security coordinator releases statement on HWL Ebsworth hack.

The information provided by the cyber tsar provides little that is not known by those following this story. Given Black Cat has only published 1.4 terrabytes of the 4 terrabytes of data stolen there will be more uncomfortable moments for HWL Ebsworth in the coming weeks and months, 

To put matters into a broader context itgovernance has reported that in June 2023 there were 79 reported data breaches worldwide involving 14,353,113 records. It provided a brief summary of data breaches stating:

Number of data breaches in June 2023: 79

Breached records in June 2023: 14,353,113

Number of data breaches in 2023: 607

Number of breached records in 2023: 466,078,044

Biggest data breach of 2023 so far: Twitter (220 million breached records)

Biggest data breach in the UK: JD Sports (10 million breached records)

Most breached sectors: Healthcare (175), education (106), public (72)

The number of records compromised in the HWL Ebsworth data breach is shrouded in secrecy.  An injunction will do that.  The three known biggest data breaches, in terms of records compromised, in June 2023 were:

  •  Oregon and Louisiana departments of motor vehicles which involved a compromise of  all Louisianans with a state-issued driver’s license, ID or car registration. The Oregon Department of Motor Vehicles estimates that data of 3.5 million driver’s license and identity card were  compromised. 
  • Genworth Financial which was affected by the MOVEit breach, with at least 2.5 million records exposed in the attack.  Also compromised was California Public Employees’ Retirement System with  769,000 of its members affected.
  • Wilton Reassurance was also affected by the MOVEit breach which compromised records of 1,482,490 of its members.  

The Australian article provides:

New cybersecurity tsar Darren Goldie has revealed that “sensitive personal and government information’’ had been stolen and published on the dark web by a Russian ransomware gang that hacked law firm HWL ­Ebsworth.

Mr Goldie, appointed a week ago to the new role of National Cyber Security Co-ordinator, said his first order of business was to obtain briefings from the ­Department of Home Affairs and HWL Ebsworth on the “status of the response’’ to the cyber incident in April.

Russian gang BlackCat, also known as AlphV, hit the giant law firm in April, claiming to have stolen almost four terabytes of data.The group posted 1.4 terabytes online after the company refused to pay a ransom.

The Australian government has until now said very little about the hack, which is known to have caused deep concern, with the firm representing sensitive agencies including Defence, Home Affairs and the Australian Federal Police, as well as a number of ASX top 50 companies.

“A number of Australian ­government entities were impacted by the HWL Ebsworth cyber incident, with sensitive ­personal and government information released,’’ Mr Goldie said in a statement on social media platform Twitter on Wednesday.

“HWL Ebsworth is working with the department to address the impacts arising from the ­incident.

“HWL Ebsworth is also working with the Office of the Australian Information Commissioner to meet relevant obligations under the Privacy Act 1988.’’

Mr Goldie said he was ­“actively engaging with HWL ­Ebsworth to understand the ­complete picture of this incident, including how their private ­industry clients have been ­impacted, as the data analysis continues’’.

He said HWL Ebsworth’s clients caught up in the hack were now embarking on the process of ­advising “affected individuals’’ about what data had been taken.

“The department’s Legal Services Working Group, comprising representatives from relevant entities across the Australian government, continues to meet regularly to work with HWL Ebsworth on addressing the impacts from the cyber incident for government entities,’’ he said. “Additional co-ordination meetings are occurring to address issues for HWL Ebsworth’s broad­er client base.

“We will work to ensure lessons from this incident are shared so that we can continue to collectively bolster our responses to cyber incidents.’’

Announcing Mr Goldie’s ­appointment on June 23, Home Affairs Minister Clare O’Neil said: “HWL Ebsworth is a very significant incident and the Australian government is deeply concerned about it. I would place it in the realm of the most significant cyber incidents that we’ve experienced as a country over the last year, along with Latitude, Optus and Medibank.’’

The Australian in June revealed the extent of the HWL Ebsworth hack, with the gang said to have stolen documents that sources claimed related to the ADF, the AFP, the Woomera missile site, navy attack helicopter replacement program, enhanced diplomacy in the Indo-Pacific and Solomon Islands, ASIO, police intelligence relating to protests, and immigration detention.

The OAIC also revealed it had lost data, with reports at the weekend indicating that data might relate to the commissioner’s investigations into the Optus hack last year that had ­exposed the data of 10 million Australians.

The Insurance Commission of Western Australia has revealed it had lost data that potentially affects 300 motor vehicle insurance claims.

The NDIS Quality and Safeguards Commission has also lost data, along with the Tasmanian government.

Leave a Reply

Verified by MonsterInsights