Scale of HWL Ebsworth hack revealed: 2.5m files, 65 agencies
Hackers stole 2.5 million documents from HWL Ebsworth clients in April and published about 1 million on the dark web in June, with some victims yet to be notified that their information has been compromised, the national cybersecurity coordinator has revealed.
Air Marshal Darren Goldie speaks at The Australian Financial Review Cyber Summit this week. Peter Rae
Air Marshal Darren Goldie also outlined the breadth of clients affected by the hack for the first time in a speech to The Australian Financial Review Cyber Summit this week, disclosing that dozens of federal departments and agencies had been affected.
“In all, 65 government agencies were involved in the breach which exposed substantial sensitive information,” Air Marshal Goldie said. “This included the AFP and Department of Home Affairs – two agencies central to the cyber incident response, while concurrently having to deal with their own data being exposed.”
Other known victims of the HWL Ebsworth hack include the Victorian government, major banks, insurers and numerous other ASX-listed companies.
He said the firm had been “immensely cooperative” with federal authorities about the hack and that the government’s coordinated response, which lasted 16 weeks, was now complete.
But Air Marshal Goldie cautioned that a hack of this size took a “significant time to work through”.
“While there is some benefit in getting that information into the public domain early on, I made the decision to allow HWL Ebsworth to notify individuals through NDIS providers and caregivers first before making the information public,” he said.
“In my view, this is the right decision… when, it comes to Australian citizens’ personal information. Those notifications are now substantially complete,
Read more on afr.com
