OAIC to investigate legal consultant’s data breach

The Australian Information Commissioner has launched an investigation into a law firm that provides legal and consulting services to the government, in relation to a data breach and the publication of some of that data on the dark web.

Angelene Falk: power to seek civil penalties

At least 65 government entities were affected by the breach last year.

The announcement on Wednesday follows preliminary inquires into HWL Ebsworth Lawyers by the OAIC after it was notified of the breach on May 8 2023.

It also comes after the Department of Home Affairs said last September that the government’s formal response to the incident had concluded.

According to a statement from Home Affairs on September 18 2023, 65 government  entities were affected by the breach as direct clients of HWLE’s legal and consulting services, as well as a large number of private sector clients.

The current investigation will look at HWLE’s practices in relation to the security and protection of the personal information it held, and the notification of the data breach to affected individuals, the OAIC says.

Outgoing commissioner Angelene Falk has a range of options once her investigation is over, including seeking civil penalties against HWLE in the federal court.

Organisations are required under commonwealth privacy laws to notify affected individuals of data breaches as soon as is practicable.

In a statement on its website HWLE says it became aware on April 28 2023 that a “threat actor” identified as ALPHV/BlackCat had posted on the dark web that it had obtained data from the firm.

Some of the data was published on the dark web over a three week period in June 2023.

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at editorial@governmentnews.com.au.  

Sign up to the Government News newsletter

Leave a comment:

Your email address will not be published. All fields are required