International

NDIS Agency Faces Risk Of Leaked Sensitive Client Information Following HWL Ebsworth Hack

Following a major cybersecurity breach targeting law firm HWL Ebsworth, which has represented the National Disability Insurance Scheme (NDIS) Agency in Australia, the agency is urgently investigating the potential exposure of sensitive client information related to appeal cases.

The ALPHV/Blackcat ransomware group, believed to have Russian links, announced on the dark web in late April that they had successfully hacked data from the law firm. Subsequently, the group released a portion of the stolen data, amounting to 3.6TB, with 1.1TB already made public.

During the recent holiday weekend, HWL Ebsworth obtained a non-publication order from the NSW supreme court to prevent further dissemination of the compromised material. As a result, clients of the law firm will have to rely on the firm’s communication to determine if their sensitive information has been affected by the breach.

As HWL Ebsworth, the law firm targeted in the cyberattack, has numerous clients, including several federal government agencies, the potential impact of the breach extends beyond the law firm itself. The National Disability Insurance Agency (NDIA), responsible for managing the NDIS, has expressed concerns about whether their information may have been compromised and is actively seeking clarification.

The NDIA spokesperson stated “The [NDIA] is engaging with HWL Ebsworth regarding the cyber incident experienced by HWL Ebsworth and whether any NDIA information has been affected”.

HWL Ebsworth has been representing the NDIA in legal appeals related to client NDIS plans. At the time of September last year, there were approximately 4,000 appeals awaiting resolution, but efforts have been made by the new government to address the backlog and expedite the process.

Court documents obtained by Guardian Australia indicate that at least one individual involved in a case against a government agency has discovered their personal information within the leaked data resulting from the cyberattack. In an affidavit, Russell Mailler, Chief Strategy Officer at HWL Ebsworth, confirmed that the affected person “contacted the firm regarding personal information about him that he has found in the [hack]”.

Mailler further stated that “He has referred to three other applicants in similar matters whose data he has also apparently viewed.”

HWL Ebsworth, the law firm affected by the cyber breach, is currently engaged in a thorough and expedient examination of the compromised data, although specific clients have not been disclosed by the firm.

The Office of the Australian Information Commissioner (OAIC), the country’s principal privacy authority, confirmed that it is also a client of HWL Ebsworth and has been impacted by the breach. The OAIC reported that a limited number of its files were included in the leaked documents.

As part of its breach reporting obligations, HWL Ebsworth notified the OAIC about the data breach, and it will be the responsibility of the regulator to investigate how the law firm safeguarded private information.

According to court documents, HWL Ebsworth initially overlooked the ransom threats from the ALPHV/Blackcat group, as the first email was mistakenly marked as spam by recipients, and the second email was filtered out by the firm’s anti-spam system. It was only after the dark web post emerged and a third email was received that the firm realized the authenticity of the claims.

Meera Verma

Recent Posts

Punjab & Haryana HC Notice To Jindal Law School Over AI-Generated Exam Claims

The Punjab and Haryana High Court on Tuesday has issued a notice to Jindal Global…

11 hours ago

ED Files Money Laundering Complaint Against Charanjit Singh Bajaj, 4 Others

The ED on Tuesday has filed a Prosecution Complaint before the Special Court in Mohali…

11 hours ago

Pune Porsche Case: SC Rejects Anticipatory Bail To Father Of Minor Driver’s Friend

The Supreme Court on Tuesday denied bail to Arunkumar Devnath Singh, whose son is a…

13 hours ago

SC Dumps Plea Against Quashing LOC For Sushant Singh Rajput’s Ex-House Help

The Supreme Court on Tuesday dismissed the Centre's appeal against a Bombay High Court order…

13 hours ago

Rape Case: SC Issues Notice On Ex-Army Officer’s Plea For Quashing Charge sheet

The Supreme Court on Tuesday has agreed to review a plea from retired Army Captain…

14 hours ago

Chhattisgarh NAN Scam: FIR Against 2 Retired IAS Officers, Former AG

The Chhattisgarh Anti-Corruption Bureau on Tuesday has registered a case against 2 retired IAS officers…

14 hours ago