The Tasmanian government is one of the law firm’s clients. The government was aware of the initial hack but is only now being made aware that some of the firm’s information is being leaked online.

Madeleine Ogilvie, Minister for Science and Technology, announced the possible breach in a statement on 9 June.

“This is concerning, and we are working closely with the Australian government to establish if any Tasmanian information has been impacted,” Minister Ogilvie said.

“While this may take some time considering the volume of data involved — we are taking swift action and will keep the Tasmanian community informed with further developments.”

The Russian-backed ALPHV ransomware group allegedly claimed HWL Ebsworth’s scalp in early May, boasting on its dark web site that it had stolen employee data, including accounting details, insurance data, and more. The group also had in its possession an unknown amount of client data, which included credit card details and financial information, as well as network maps and credentials.

At the time, HWL Ebsworth notified the Australian Cyber Security Centre and said that it would continue to work with it throughout the course of the subsequent investigation.

This is the second time this year that the Tasmanian government has faced a serious data breach relating to a third-party hack.

VIEW ALL

Personally identifiable information from the Tasmanian Department for Education, Children and Young People was compromised in April 2023, following on from a hack on Fortra’s GoAnywhere MFT cloud service, which occurred on 30 January of this year. That hack affected 130 organisations, and the Clop ransomware gang took credit for the original exploit.

Tasmania reported at the time that 16,000 individual documents were affected, including names and addresses, school details, children’s names, and some bank account details.