Australian law firm HWL Ebsworth has confirmed to local media that its network was hacked after the ALPHV ransomware gang began leaking data they claim was stolen from the firm.
HWL Ebsworth is one of Australia’s largest law firms, with an annual turnover of hundreds of millions of dollars, employing over 2,000 people and operating nine offices across the country.
Last night, the ALPHV ransomware gang, also known as BlackCat, released 1.45 terabytes of data containing over one million documents that were allegedly stolen from the law firm’s systems in April 2023. cybercriminals are now threatening to disclose more if the company does not comply with their demands.
A company spokesperson told ABC that they would not succumb to the menacing actor’s extortion demands, even if it means they and their clients will face the consequences of leaking very revealing data.
“We take our ethical and moral duties to the community very seriously. We consider it a fundamental civic duty not to, in any way, encourage or be seen to condone the criminal activity of extorting money by taking and threatening to publish others’ data,” HWL Ebsworth says ABC.
“The privacy and security of our customers’ and employees’ data remains of the utmost importance. We recognize and understand the impact this can have, and we communicate closely with our customers.”
Because the law firm naturally had business with the public sector, there are concerns about leaked documents containing sensitive or confidential information relating to affairs of state.
ABC lists the ANZ Banking Group, the governments of South Australia, Queensland and the ACT, the Department of Environment and Social Services and the Australian Taxation Office (ATO) as current or former customers of HWL Ebsworth and potentially affected by this incident.
Unfortunately, leaked documents on BlackCat’s site are easy to explore thanks to the threat group’s indexed database that allows visitors to filter search results by file name or file type.
BleepingComputer has contacted HWL Ebsworth to request a comment on the status of its operations and the progress of its internal investigation into the validity of the leaked data, but we have not yet received a response.