HWL Ebsworth Data Breach Urges Enhanced Security

On May 2, 2023, HWL Ebsworth, a prominent Australian legal firm, announced that it had fallen victim to a significant data breach. It is believed that hackers have gained unauthorised access to the company's computer systems, compromising a substantial amount of data, and it is expected that customer names, addresses, phone numbers, email addresses, and financial information have been compromised. The cybercriminals, believed to be associated with the AlphV ransomware organisation, demanded a ransom in exchange for not disclosing the stolen data. However, HWL Ebsworth refused to comply, leading to the hackers publishing the data on the dark web. The breach has caused extensive damage to the firm, resulting in customer notifications and the implementation of additional security measures. This incident serves as a reminder of the critical importance of maintaining robust data security protocols.

According to the 2022 ACSC Annual Cyber Threat Report, “ACSC received over 76,000 cybercrime reports, an increase of nearly 13 per cent from the previous financial year”. Cybercrime is reported every 7 minutes on average compared to every 8 minutes last financial year. There is a rise in the average cost per cybercrime report to over $39,000 for small businesses, $88,000 for medium businesses, and over $62,000 for large businesses, an average increase of 14 per cent.

The Ransomware and HWL’s response

AlphV, also referred to as BlackCat, is a ransomware organisation that surfaced in November 2021. Utilising advanced methods such as phishing emails, drive-by downloads, and exploit kits, this group infects victims' computers. Upon infiltration, AlphV encrypts all data and demands a ransom, usually in cryptocurrencies like Bitcoin, in return for the decryption key.

Upon discovering the breach, HWL Ebsworth promptly initiated an investigation to assess the extent of the compromised data and its potential impact on affected individuals. The company publicly announced its decision not to comply with the hackers' extortion demands, considering it a civic obligation to neither support nor condone such criminal behaviour.

The breach at HWL Ebsworth has raised concerns within the Australian government due to the firm's provision of services to various government bodies. The Department of Home Affairs has established working groups to evaluate the potential implications of the incursion on the government as a customer. There is a possibility that a Sensitive Information Working Group may be established to address the handling of any information that may have been compromised as a result of the breach. This information may be connected to issues concerning law enforcement, national security, or vulnerable persons.

The Impact and Actions required

A separate data theft incident affecting Tasmanians took place a few months ago, the Tasmanian government expressed concerns about potential harm resulting from the HWL Ebsworth breach. Madeleine Ogilvie, the Minister for Science and Technology for the state of Tasmania, issued a statement saying that investigations were now continuing to determine whether or not any information had been exposed as a result of the "illegal release of data held by national law firm HWL Ebsworth onto the dark web.

ACSC has provided an easy 7-step guide to protect from cyber-breach that includes,

• Update your devices and replace old devices that do not receive updates
• Activate multi-factor authentication
• Regularly backup your devices
• Set secure passphrases
• Watch out for scams
• Sign up for the ACSC’s free Alert Service
• Report cybercrime to the ACSC

Protective Measures

A recent survey by Palo Alto Networks identified professional and legal services as one of the primary industries targeted by cyberattacks in the Asia-Pacific region. These attacks aim to steal sensitive information or disrupt business operations. Given the increasing reliance on digital networks by companies and governments, proactive cybersecurity measures are imperative. Robust security protocols, such as employee education, firewalls, and intrusion detection systems, are essential to safeguard sensitive data and mitigate potential economic and national security threats.

The data breach at HWL Ebsworth underscores the growing threat posed by ransomware groups and the urgent need for improved cybersecurity measures. Organisations must prioritise the protection of sensitive data as they increasingly rely on digital infrastructure. Governments worldwide, including Australia, are allocating resources and implementing strategies to combat cyber threats effectively. However, it remains crucial for companies and individuals to remain vigilant, educate themselves about cyber risks, and implement robust security practices to safeguard against potential breaches and attacks.