Legal Practice Board of Western Australia suffers significant data breach with bank details and contact information posted on the dark web

May 29, 2025

Legal sites are regular targets of cyber attacks. They contain considerable personal and financial information. The Legal Practice Board of Western Australia has recently been the subject of a data breach by the Dire Wolf ransomware gang involving the exfiltration of data, including personal information, which has been published on the darknet. The Dire Wolf Gang posted about the theft on 26 May 2025. The Board published a statement on 27 May 2025. The gang claims to have stolen 300 gigabytes of data. It claims that it will post half the stolen data on 15 June and the balance on 30 June.

The Board has apparently obtained an ex parte injunction regarding the use of the material found on the dark net. This form of injunctive relief has become a relatively common response by organisations that have suffered a data breach and discovered that the stolen data has been placed on the dark web for sale. The limitations of the injunctions are obvious. The first is that an injunction has no more of a deterrent effect than a criminal prosecution. The second is that thieves and those who buy the data are commonly located out of the jurisdiction and often based in a location which does not respond promptly, if at all, to orders of Australian courts.

The effectiveness of these injunctions has not been tested. Irrespective, organisations can refer to the injunctions as part of a rapid and comprehensive response to the data breach. That may be relevant for the regulators as well as the persons whose personal information has been stolen. It does not address why the breach occurred in the first place. That is an entirely different issue. It is particularly telling that the Board seems to have been made aware of the breach by the Dire Wolf Gang. The Board’s statement is so general that very little of the breach has been made public. That is quite an obsolete approach to issuing notices.

It is relevant to note that last month the Florida Bar urged law firms to adopt incident report plans to deal with cyber attacks. It would be interesting to see if the Legal Practice Board of Western Australia had such a plan. Given it is likely that the Board only found out about the breach when contacted by the gang, the extent of its cyber security protection would be in issue. Proper cyber security is more than perimeter defence. It should involve siloing information, having programs that detect unusual activity and proper encryption of data. It also involves data minimisation.

The Legal Practice Board’s anodyne statement provides:

The Legal Practice Board (the Board) is currently investigating a cyber incident which has resulted in some of our systems being taken offline, including our online website services.

We are working to restore access to systems as soon as possible and have implemented manual workarounds to ensure that we can continue to deliver key services, including processing applications and renewals for Australian practising certificates.

If you need to apply for or renew your Australian practising certificate, please download and complete our Australian practising certificate form, and return it to us by email on enquiries@lpbwa.com. We will contact you separately to arrange payment.

We are investigating what has happened as a priority, with support from external experts.

From our investigation to date, we have confirmed that a small amount of information taken from the Board’s IT environment by an unknown third party has been disclosed. This information consists of corporate correspondence containing:

    • minimal contact information
    • some operational and resourcing information
    • bank account details for the Board and a small number of third parties who have been directly notified.

Our investigation is ongoing, and we will provide further updates should this position change as we learn more. Any questions about the incident should be directed to incident@lpbwa.com or by calling the Helpline on 08 7070 2413.

To ensure we are taking all available steps in response to this, we have obtained an injunction to prevent any access, dissemination or sharing of data impacted by this incident.

We are also working closely with Cyber Security Western Australia – part of the Office of Digital Government, in the Department of Premier and Cabinet, and other relevant authorities in response to this incident. We will provide further updates as our response progresses.

The Australian’s coverage is more expansive about the why and the impact, providing:

Western Australia’s legal fraternity has been plunged into chaos and confusion after the bank details and contact information of practitioners was posted to the dark web following a cyber hack on the state’s legal board.

The Legal Practice Board of Western Australia was on Wednesday forced to take out an injunction to prevent the further dissemination of confidential information extracted from its digital data base.

A senior Perth legal source has told The Australian the profession is up in arms over the breach which has possibly affected anyone with a WA practising certificate – including current silks, sitting judges and chief justice Peter Quinlan.

“This has jeopardised the safety of individuals, being judicial officers and lawyers who require privacy from clients and parties,” the source said. “They have not provided enough guidance on this matter.”

Legal Practice Board executive director Libby Fulham on Wednesday night told The Australian the board is “investigating the nature and extent of this incident as a priority, with support from external experts.”

“Our investigation to date has found that a small amount of correspondence was taken from our IT environment and has now been disclosed,” she said.

“This correspondence primarily contains limited contact details and internal operational and resourcing information, as well as bank account information for the board and a small number of third parties, who have been directly notified. All those whose banking details were involved have been directly notified.”

She said the board had obtained an injunction to “prevent any access, dissemination or sharing of any data impacted by this incident”.

However, she confirmed the board became aware of an online post by dark web group Dire Wolf on Tuesday.

Ms Fulham confirmed the board took some systems offline on May 21 when “we detected some unusual activity on our network”.

“We emailed lawyers with a WA practising certificate yesterday evening to make them aware of the incident and that we are continuing to deliver our key services, such as renewal of practising certificates, with some manual workarounds in place,” she said.

“We do not have any credible evidence at this time to suggest the third party possesses any other board data.”

The source said criminal and family lawyers are worried about their personal details being revealed as most are silent voters and have suppressed details.

Cyber Daily has also provided more information on the hacking gang, what they have done and when, stating:

The Dire Wolf ransomware gang has listed the Legal Practice Board of Western Australia as a victim on its darknet leak site and is threatening to publish 300 gigabytes of stolen data.

In the post, dated 26 May, the hackers shared some details of the data exfiltrated; however, due to an injunction, Cyber Daily is unable to report on the contents of what has been published.

Alongside links to sample data, Dire Wolf has published its intended timeline for publishing the dataset. Sample data was published on 26 May, and the gang plans to publish half the files on 15 June, with the remaining to come on 30 June.

The Legal Practice Board of Western Australia has confirmed it is aware of the actor’s claims.

“The Legal Practice Board (the board) is currently investigating a cyber incident which has resulted in some of its systems being taken offline, including the board’s online services,” a spokesperson for the board told Cyber Daily.

“The board is working to restore access to systems as soon as possible and has implemented manual workarounds to ensure that we can continue to deliver key services, including processing applications and renewals for Australian practising certificates. We apologise for any inconvenience caused while this work is underway.

“We are also investigating the nature and extent of this incident as a priority, with support from external experts.”

According to the board, limited correspondence and contact details have already been disclosed by the incident, including operational and resourcing information. “Bank account details for the board and some legal practices” have also been compromised.

“We would like to assure our stakeholders that we have not detected any impact to sensitive information at this time. We will provide further updates as we know more,” the spokesperson said.

“The board has also obtained an injunction to prevent any access, dissemination or sharing of any data impacted by this incident. Any attempt to access this data would be in contravention of this court order.

“The board is also working closely with Cyber Security Western Australia – part of the Office of Digital Government, in the Department of Premier and Cabinet, and other relevant authorities in response to this incident. Further updates will be provided as needed as the response progresses.”

Little is currently known about the Dire Wolf operation, and it has so far posted only six victims to its leak site, all on 26 May. According to the group’s About page, “We are a group of hackers who only seek money.”

“No morals, no political stance, no LGBT.”

The gang claims to utilise double-extortion techniques, both stealing and threatening to publish data, and encrypting that data, forcing victims to pay a ransom in order to purchase a decryptor to unlock their files.

Dire Wolf’s contact page provides a Tox messaging ID and claims that the gang is based in New York. The copy on the site suggests that the hackers are at least familiar with English, if not native English speakers.

The Legal Practice Board of Western Australia is a public sector, independent statutory authority that issues practising certificates and assists the Supreme Court of Western Australia with new admissions to practice.

“The board also supports the legal profession and the community by providing educational and professional development services, and promoting clear and comprehensive information,” the board said on its website.

In the 2023–24 financial year, the board issued 8,094 practising certificates.

The Australian’s article on the breach provides: