Australian information commissioner launches HWL Ebsworth hack investigation

The OAIC will investigate the law firm’s data handling practices in the wake of the 2023 data breach that affected 56 government agencies.

The Office of the Australian Information Commissioner (OAIC)has launched an investigation into the 2023 HWL Ebsworth data breach.

The law firm fell victim to the ALPHV ransomware operation in April 2023, which eventually published millions of documents on the darknet in June. Given the HWL Ebsworth’s work with many government agencies, it impacted agencies such as Home Affairs and the Australian Federal Police (AFP).

Sixty-five government agencies in total were affected.

============

The OAIC announced preliminary inquiries into the matter in June 2023, and clearly, there’s more work to be done. This new investigation will focus on how HWL Ebsworth handled “the security and protection of the personal information it held” and how the firm notified impacted individuals.

“The commissioner has a range of options available to her if, following her investigation, she is satisfied that an interference with the privacy of one or more individuals has occurred,” the OAIC said in a statement.

“This includes making a determination, which can include declarations that HWLE take specified steps to ensure that the relevant act or practice is not repeated or continued, and to redress any loss or damage suffered by reason of the act or practice. If the investigation finds serious or repeated interferences with [the] privacy of individuals, then the commissioner has the power to seek civil penalties against HWLE from the Federal Court of Australia.”

The OAIC’s investigation comes just over a week after the National Office of Cyber Security released its Lessons Learned Review on the response to the devastating hack.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.