Cyber incident affecting HWL Ebsworth
The Australian Government has been informed that HWL Ebsworth, a law firm used by various large commercial and government organisations has experienced a data breach.
ID Support NSW has supported HWL Ebsworth and collaborated with government cyber security and relevant Commonwealth agencies, to understand and assess the data that has been affected and the impact on customers.
- On 1 May 2023, HWL Ebsworth reported a cyber incident involving ransomware and claims of data exfiltration and publication to the darkweb.
- On 8 May 2023, HWL Ebsworth provided initial notification to the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches (NDB) scheme.
- On 9 June 2023 HWL Ebsworth became aware that a threat actor had claimed to have published at least 1.4TB of exfiltrated data on the dark web.
The Government continues to actively engage HWL Ebsworth as it investigates the extent of the breach, including impacts on NSW Government agency information.
This process remains ongoing and will take time to complete due to the scale of the impacted data. The Government is continuing to work with HWL Ebsworth to understand and manage the potential consequences of the publication of the data.
- Be alert for scams referencing the HWL Ebsworth data breach.
- Contact ID Support NSW for support and guidance. ID Support NSW provides assistance to those whose proof of identity credentials have been stolen or fraudulently obtained. ID Support advisors can answer your questions regarding restoring and safeguarding the security of your identity.
We can help
We can help you check, restore and protect your identity from misuse and identity crime.
Read the HWL Ebsworth data breach frequently asked questions.
HWL Ebsworth is working with clients, NSW Government and OAIC to meet relevant obligations under the Privacy Act 1988 and ensure affected individuals are notified as soon as possible.
HWL Ebsworth has been granted an injunction by the Supreme Court of NSW regarding the
information that threats actor claimed to have published, seeking to restrain the activities of the threat actor, and preventing additionally access by other parties.
Accessing stolen sensitive or personal information from the dark web is strongly discouraged as it is considered an offence to deal in stolen personal information and can result in up to 5 years' imprisonment.