Australia’s newly appointed national cybersecurity coordinator, Air Vice-Marshal (AVM) Darren Goldie, has confirmed that Australian government entities embroiled in the HWL Ebsworth cyberattack have had their “sensitive personal and government information” stolen by Russian cybercriminals.
This comes as over 40 Australian government agencies are feared to have been impacted by the database hacking, including Australia’s four major banks.
AVM. Goldie said that he is working with the law firm EWL Ebsworth to understand the full extent of the data breach.
“I am actively engaging with HWL Ebsworth to understand the complete picture of this incident, including how their private industry clients have been impacted, as the data analysis continues,” AVM. Goldie said in a statement on July 5.
“Impacted entities are commencing the process of notifying affected individuals about the impacts the data breach has had on their information.
“We will work to ensure the lessons from this incident are shared so that we can continue to collectively bolster our responses to cyber incidents.”
As the cyber security chief’s first order of business, AVM. Goldie was tasked to seek briefings from the Department of Home Affairs and HWL Ebsworth on the status of the cyberattack, which occurred in April.
Of the four terabytes that were stolen by Russian cybercriminal BlackCat, approximately 1.45 terabytes of sensitive information were published by the hacking grouping on the dark web on June 8.
The Department of Home Affairs previously told The Epoch Times in an email that the government continues to actively engage HWL Ebsworth “as it investigates the extent of the breach, including impacts on Commonwealth information.”
While announcing AVM. Goldie’s appointment on June 23, Home Affairs Minister Clare O'Neil said the cyber hacking was “significant.”
“I would place it in the realm of the most significant cyber incidents that we’ve experienced as a country over the last year, along with Latitude, Optus and Medibank,” Ms. O’Neill said.
Departments such as Home Affairs, the Australian Taxation Office, the Office of the Australian Information Commissioner (OAIC), the Defence Department, and the Australian Federal Police have been impacted by the database hacking of HWL Ebsworth.
National Security Potentially At Risk
Shadow Minister for Home Affairs and Cybersecurity, Senator James Paterson, said that sensitive information related to defence and national security may have been taken during the cyber breach.“It appears that it held on their behalf ... sensitive information of a sometimes classified nature.
“The risk that has spilled out into the public is a very serious thing indeed.”
On June 12, HWL Ebsworth was granted an injunction by the Supreme Court of NSW to prevent the hacking group from disclosing the stolen data online. The hacking group was also ordered to take down the data immediately. The injunction order was served using the contact information provided in three emails that demanded a ransom payment, which HWL Ebsworth had previously said it would not be paying.
However, Mr. Paterson said the injunction also meant anyone concerned that they may have been a victim of the cyberattack would commit an offence if they searched for the data.
“Because of this injunction, it’s potentially a crime for you, or I, to go and look at that information or to try and download it,” Mr. Paterson said.
“We’re not exempt because we’re a victim or a journalist or anyone else who’s looking at this.”
However, HWL Ebsworth managing partner Juan Martinez admits there are “practical limits” to enforcing the injunction.
No Detail Released on Ransom Demands Yet
Both HWL Ebsworth and the government have not yet released any information on the ransom demands or whether they will meet themThe Russian cyber hacking group has claimed that it has taken over four terabytes of HWL Ebsworth data that, includes internal company credentials, financial and insurance data, credit card information, agreements, client documents, and legal advice provided to the agencies.
AVM. Goldie said HWL Ebsworth is working to address the impacts of the cyberattack.
“HWL Ebsworth is also working with the Office of the Australian Information Commissioner to meet relevant obligations under the Privacy Act 1988,” he said.
“The investigation indicates the threat actor had accessed and exfiltrated certain information on a confined part of the firm’s system, but not on our core document management system,” the company said.
“We continue to be engaged in a comprehensive investigation into the nature and extent of the impact of the incident with the assistance of leading external cyber security experts.
