Major Australian law firm, HWL Ebsworth, recently acknowledged that they had suffered a data breach of over 4 terabytes of data, including documents describing client and staff. The firm became aware of breach on April 28 when a threat actor made a post to the dark web claiming to have exfiltrated their data. Upon being aware, the firm engaged investigators to investigate and undertake containment and remediation actions. The investigation confirmed that threat actors had accessed and exfiltrated certain information on a confined part of the firm’s system, but not on the core document management system. What makes this breach worrying is that the firm’s clients include the governments and large corporations. Some of those clients include the state government of Tasmania, the National Australia Bank and the Office of the Australian Information Commissioner – which is the government entity to which data breaches in Australia must be reported to. The Australian federal government has established a task force to determine the extent of the exposure, which is thought to include some sensitive military material. The law firm has also secured an injunction preventing media outlets from reporting on the contents of the leaked documents.
https://www.theregister.com/2023/06/20/hwl_ebsworth_cyber_incident/
This segment was created for the It’s 5:05 podcast