The Western Australian government has been implicated in a major cyberattack on national law firm HWL Ebsworth, with a notorious Russian ransomware gang claiming to have published stolen data on the dark web. The Insurance Commission of WA (ICWA) confirmed it is among the affected clients, with information from over 300 motor vehicle insurance claims potentially compromised.
The ransomware group AlphV claimed in April to have exfiltrated terabytes of data from HWL Ebsworth, including financial and insurance records, credit card information, and internal documents. Earlier this month, the group published 1.45 terabytes of data after the law firm refused to pay the ransom. Other clients include major banks and federal government departments such as Health and Aged Care.
ICWA, which provides insurance for all WA-registered cars and self-insurance for the government, said it is blocked from assessing the breach due to a NSW court order prohibiting access to the leaked data. CEO Rod Whithear expressed concern but noted that a consent regime is being implemented to allow the commission to review potentially exfiltrated data. The firm is conducting its own review to inform affected clients.
HWL Ebsworth has engaged external cybersecurity experts to investigate the incident, stating that the breach was confined to a limited part of its system and did not affect its core document management system. The Australian Federal Police and Victorian Police are investigating, with support from the Australian Cyber Security Centre.
The hack is among the most significant cyber incidents in Australia, according to Home Affairs Minister Clare O'Neil, alongside breaches at Latitude, Optus, and Medibank. Incoming cyber security coordinator Air Marshal Darren Goldie will address the fallout when he assumes his role next month.
