Another instalment in the HWL Ebsworth data breach…this time highly sensitive Victorian government files leaked. The firm has finally provided an update and will provide updates every Thursday at noon.

July 17, 2023

HWL Ebsworth’s woes continue with another announcement of what documents were stolen. This time it is Victorian Government files, according to the article “‘Highly sensitive’ Victorian government files leaked online by HWL Ebsworth law firm hackers”. Not to be outdone, Queensland also says its files were taken in the data breach. Meanwhile, the Fair Work Ombudsman has released a statement.

The statement provides:

On 8 May 2023, national law firm HWL Ebsworth reported a cyber incident involving a data breach and possible unauthorised disclosure of personal information to the dark web.

Documents relating to a limited number of our (the Fair Work Ombudsman’s) files were included in the breach experienced by HWL Ebsworth.

Importantly, none of our systems have been compromised by the cyber incident.

We’re working with HWL Ebsworth to ensure individuals affected by the data breach are notified as a priority. Support and assistance will be provided to these individuals.

The Department of Home Affairs is investigating the extent of the breach, including exposure of the Australian Government’s information including personal information.

We’re also working with HWL Ebsworth to understand what information of ours may have been disclosed. We take our obligations under the Privacy Act 1988 seriously and we’re committed to ensuring appropriate systems are in place to maintain the privacy and the protection of personal information.

HWL Ebsworth released a statement on Friday. It has finally adopted a sensible approach when dealing with the public, especially those affected or just concerned. To date the firm has been secretive and inward looking. That is entirely the wrong approach. But then again, a cyber security system that fails to detect wholesale theft of data by a hacker using one person’s authorisation shows that Ebsworth has a long way to go in getting its cyber house in order.

The statement is clearly curated by a cyber security response team. It gives the appearance of being candid with the community while providing not too much in the way of information. It is still not best practice but it is better than the dreadful approach it took earlier this year. It can be hard to give time to making statements when the focus is on finding out the extent of the damage and fixing the systems.  But it is a very important step.  I very much doubt HWL Ebsworth had a data breach remediation plan. 

The statement provides:

As HWL Ebsworth continues to work through a detailed and comprehensive review of impacted information, we are eager to keep the public informed of the potential impact of this cyber incident. The privacy and security of our client and employee data is of the utmost importance, and we remain mindful of our responsibility to our clients and those individuals who have been affected.

As we contend with the scale and complexity of this challenge, our priority is to ensure that we properly review the data and inform those impacted as swiftly as we can. This is not a simple or quick task. The data set is large and unstructured and includes a complex mix of different types of documents and information, affecting many different stakeholders.

We continue to be cognizant that clients and other potentially impacted individuals and parties will be concerned to understand what data of theirs is impacted, but given this complexity, it is important to emphasise just how large the overall task is.

Since day one, we have worked closely with the government and all relevant authorities – including the Australian Cyber Security Centre and law enforcement agencies in their ongoing investigation into the incident.  We have formally notified the incident to the Office of the Australian Information Commissioner and continue to keep them updated.

We have been actively engaged with the newly appointed National Cyber Security Coordinator Air Marshal Darren Goldie, since his first day in the role, to provide him with a holistic picture of the incident and the actions we are taking. We have also been meeting regularly since the early days of the incident with the Legal Services Working Group, comprising representatives from across the Commonwealth and State and Territory governments, coordinated by the Department of Home Affairs.

The methodical and detailed work we are undertaking with our forensic experts McGrathNicol continues as we identify and review the impacted data and contact those affected in the most effective and efficient way.

We are engaged directly with law enforcement who have been taking steps to attempt to prevent any further data publication. We also took the step, unprecedented in Australia, of obtaining an injunction from the Supreme Court of New South Wales, seeking to restrain further publication or dissemination of confidential information.


HWL Ebsworth appreciates the patience and understanding of those affected as we continue to work through the impact of this incident. Working together with impacted organisations, we are in the process of contacting individuals who have been impacted to provide information and offer direct assistance and we have established a dedicated channel for enquiries.  Given the volume of data compromised, this process will take some time to work through, however we are committed to communicating with all impacted individuals as soon as possible.

Where we have confirmed that core identity information has been impacted – drivers licence, passport, birth certificate details, for instance – we have offered Equifax Protect, a credit and identity monitoring service that helps reduce the risk of financial loss. HWLE has also partnered with IDCARE to provide impacted individuals with tailored and specific advice at no cost.


On Friday 28 April 2023, we became aware that a threat actor identified as ALPHV/BlackCat made a post on a dark web forum claiming to have exfiltrated data from HWL Ebsworth.

Upon becoming aware of this threat, HWL Ebsworth immediately engaged McGrathNicol to investigate the incident and undertake containment and remediation actions.

The investigation indicates the threat actor had accessed and exfiltrated certain information on a confined part of the firm’s system, but not on our core document management system. On 9 June 2023, we became aware that the threat actor had published on their dark web forum at least some of the data they claim to have taken.

We take very seriously our ethical and moral duties to the community, and we consider we have a civic duty not to in any way encourage nor to condone criminal activity. We remain firmly of the view that our decision to prevent these criminals from receiving any benefit from their behaviour was the right one. Our refusal to submit to a ransom demand was commended by Minister for Cyber Security Clare O’Neil MP as, “the right call by the nation” and that it “helps the safety of every Australian citizen & company”.

McGrathNicol has concluded the remediation actions taken by HWLE have been effective in containing the incident and mitigating the risk of potential future incidents. We are confident that these actions have closed out the immediate impact of the incident, hardened our systems and enhanced our overall security posture moving forward.

We have also used the incident as an opportunity to plan and implement further long term security enhancements for the firm to deal with the ever evolving cyber security threat landscape.


We do not currently have precise timing due to this hugely complex exercise but we will continue to provide relevant updates to staff, clients, regulators and other stakeholders, and provide support to those impacted. We will provide updates as more information comes to hand.

In addition, an update will be provided every Thursday at noon.
