Fair Work Ombudsman hit in HWLE attack
The HWL Ebsworth supply chain attack has claimed yet another government victim, this time being the federal Fair Work Ombudsman.
In a statement issued online yesterday (17 July), the Fair Work Ombudsman reported that a limited number of files were included in the HWL Ebsworth breach.
“Support and assistance will be provided to these individuals.”
In addition, the Ombudsman said that despite its files being affected by the breach, its own systems remain secure.
“Importantly, none of our systems have been compromised by the cyber incident,” the Ombudsman said.
The HWL Ebsworth breach was first detected back in April and has led to a large number of major organisations, such as the big four banks, as well as over 40 state and federal government agencies and departments being affected.
In the last few days, both the Victorian and Queensland governments confirmed that they had sensitive files exposed as a result of the cyber attack, while the Australian Federal Police (AFP) and the Office of the Australian Information Commissioner have both also named themselves as victims.
“The Department of Home Affairs is investigating the extent of the breach, including exposure of the Australian government’s information, including personal information.
“We’re also working with HWL Ebsworth to understand what information of ours may have been disclosed.
“We take our obligations under the Privacy Act 1988 seriously, and we’re committed to ensuring appropriate systems are in place to maintain the privacy and the protection of personal information.”
Home Affairs recently appointed Australia’s national cyber security coordinator, who has quickly said that his top priority is to investigate the HWL Ebsworth attack.
“My first order of business as national cyber security coordinator was to seek briefings from the Department of Home Affairs and HWL Ebsworth on the status of the response to the cyber incident,” said Air Marshal Darren Goldie, who was appointed to the role in June.
“I am actively engaging with HWL Ebsworth to understand the complete picture of this incident, including how their private industry clients have been impacted, as the data analysis continues.”
HWL issued an update on the incident last Friday (14 July), saying that the investigation is ongoing and that it is determined to keep the public informed and ensure its systems are secure.
“As we contend with the scale and complexity of this challenge, our priority is to ensure that we properly review the data and inform those impacted as swiftly as we can,” it said.
“This is not a simple or quick task. The data set is large and unstructured and includes a complex mix of different types of documents and information, affecting many different stakeholders.”
This article was originally published in Lawyers Weekly's sister publication, Cyber Security Connect.