Highly sensitive data from the Victorian government has been published on the dark web after the information was stolen during a cyber attack on an affiliated law firm.
HWL Ebsworth, a top Australian law firm, said it became a target of cyberattack by a Russian hacking group earlier this year when a threat actor identified as ALPHV/BlackCat made a post on a dark web forum claiming to have infiltrated data from the firm.
“Upon becoming aware of this threat, HWL Ebsworth immediately engaged McGrathNicol to investigate the incident and undertake containment and remediation actions,” the firm said on its website.
“The investigation indicates the threat actor had accessed and exfiltrated certain information on a confined part of the firm’s system, but not on our core document management system.”
“On 9 June 2023, we became aware that the threat actor had published on their dark web forum at least some of the data they claim to have taken.”
The Victorian government announced that the leaked data include a number of files from the government and that it was still in the process of reaching a compromise.
“We have been advised by HWL Ebsworth that information affected includes highly sensitive documents from legal files with state government departments and agencies,” a government spokeswoman said on July 14.
Chief Security Officer Says IT Systems Safe
Victoria’s Chief Information Security Officer David Cullen assured Victorians that the cyberattack didn’t directly target the state government’s IT system.“We are taking this matter extremely seriously, and are working in partnership with the Commonwealth government, and can confirm that there has been no direct breach of Victorian government IT systems,” Mr. Cullen said, reported 9News.
“HWL Ebsworth is in direct contact with impacted departments and agencies to provide advice on the specific information that has been exposed.”
He urged all suppliers to maintain strict cyber security measures to ensure their data is protected from hackers.
“Departments and agencies will make direct contact with those impacted as soon as possible to provide tailored advice and support because we know data breaches can be distressing, especially when personal information is involved,” the officer said.
“Supporting impacted Victorians and their wellbeing, remains a top priority.”
HWL Ebsworth, which has commercial and government clients in every state territory, said it is collaborating with Australia and New Zealand’s national identity and cyber support service IDCARE and subscription service Equifax Protect to support affected individuals.
The firm has insisted it would not give in to hacker’s demands for ransom.
Australia’s top cyber security co-ordinator Air Vice-Marshal Darren Goldie previously said several government entities had been impacted.
In June, the Tasmanian government said it had been contacted by the federal government about an “illegal release” of data stolen in the attack leaked on the dark web.
That was the same month hackers from Russia claimed to have published data stolen during the attack.