Goodbye job applications, hello dream career
Seize control of your career and design the future you deserve with LW career

OAIC to open investigation into HWL Ebsworth hack

The Australian information commissioner is launching an investigation into the personal information handling practices of HWL Ebsworth Lawyers following the data breach suffered in May of last year.

user iconJerome Doraisamy 21 February 2024 Big Law
expand image

In a statement issued earlier today (Wednesday, 21 February), the Office of the Australian Information Commissioner (OAIC) – the nation’s data protection authority – announced it had commenced an investigation of HWL Ebsworth’s personal information handling practices, following the authority’s preliminary inquiries into the incident, which commenced in June 2023.

The OAIC’s investigation, it detailed, will explore the firm’s “acts or practices in relation to the security and protection of the personal information it held, and the notification of the data breach to affected individuals”.

The OAIC was notified of the incident when it occurred in May of last year, in which the national law firm fell victim to the ALPHV ransomware operation, which eventually published millions of documents on the darknet in the following month.

Given HWL Ebsworth’s work with many government agencies, the incident impacted agencies such as Home Affairs and the Australian Federal Police (AFP). More than 60 government agencies, in total, were affected.

Earlier this month, the National Office of Cyber Security released the results of the Lessons Learned Review into the attack suffered by the BigLaw practice.

Commissioner Angelene Falk will, the OAIC continued, “have a range of options available to her” should the authority’s investigation result in her being satisfied that an interference with the privacy of one or more individuals has occurred.

This includes, the authority’s statement noted, “making a determination, which can include declarations that HWLE take specified steps to ensure that the relevant act or practice is not repeated or continued, and to redress any loss or damage suffered by reason of the act or practice”.

“If the investigation finds serious or repeated interferences with [the] privacy of individuals, then the commissioner has the power to seek civil penalties against HWLE from the Federal Court of Australia,” it said.

In accordance with its privacy regulatory action policy, the OAIC will await the conclusion of the investigation before commenting further, it added.

The news follows HWL Ebsworth’s promotion, earlier this month, of 64 lawyers to more senior roles, including eight to its partnership.

In a statement provided to Lawyers Weekly, a spokesperson for the BigLaw firm said: “We note the announcement by the OAIC. The privacy and security of our client and employee data is of the utmost importance.”

“Since becoming aware of this incident, HWL Ebsworth’s focus has been to ensure that we properly reviewed the stolen data and informed those impacted as swiftly as we could, and we have worked closely with impacted organisations to notify all affected individuals. We have offered support services to impacted individuals and took the additional step of obtaining an injunction to restrain further publication or dissemination of confidential information,” the spokesperson outlined.

“We will co-operate fully with the OAIC as they investigate this incident.”

Jerome Doraisamy

Jerome Doraisamy

Jerome Doraisamy is the editor of Lawyers Weekly. A former lawyer, he has worked at Momentum Media as a journalist on Lawyers Weekly since February 2018, and has served as editor since March 2022. He is also the host of all five shows under The Lawyers Weekly Podcast Network, and has overseen the brand's audio medium growth from 4,000 downloads per month to over 60,000 downloads per month, making The Lawyers Weekly Show the most popular industry-specific podcast in Australia. Jerome is also the author of The Wellness Doctrines book series, an admitted solicitor in NSW, and a board director of Minds Count.

You can email Jerome at: This email address is being protected from spambots. You need JavaScript enabled to view it. 

You need to be a member to post comments. Become a member for free today!