Major cyberattack breaches Optus data again?

Optus reported a data breach less than a year after one of Australia's largest cyber attacks.

The telco, which was the victim of the first of the three major cyberattacks of the past ten months, alongside Medibank and Latitude Financial, admitted that the HWL Ebsworth attack exposed some of its data.

The Office of the Australian Information Commissioner is one of dozens of government agencies trying to determine how much data was breached in the HWL Ebsworth hack.

The hacked data includes information from an Office of the Australian Information Commissioner (OAIC) investigation into Optus that began in 2021, but Optus has not confirmed whether it includes customer data and personal information.

HWL Ebsworth immediately hired McGrathNicol to investigate and contain the threat.

The threat actor accessed and exfiltrated certain information on the firm's confined system, but not on its core document management system.

HWL Ebsworth discovered on 9 June 2023 that ALPHV/BlackCat had posted on a dark web forum on Friday, April 28, 2023, claiming to have exfiltrated data from HWL Ebsworth. The group stole 1.45 terabytes of data from the law firm.

In a statement, HWL Ebsworth said they continue to be engaged in a comprehensive investigation into the nature and extent of the impact of the incident with the assistance of leading external cyber security experts.

“We are conducting a detailed and comprehensive review of the impacted data and informing impacted third parties and individuals as swiftly as possible. We have an ongoing engagement with relevant authorities in relation to this process, including the Office of the Australian Information Commissioner, the Australian Cyber Security Centre and law enforcement agencies in their ongoing investigation into the incident,” HWL Ebsworth said.

Katherine Mansted, CyberCX's director of cyber intelligence and public policy, says ALPHV's "big game hunting" involves attacking major organisations and government.

“They’re one of Australia’s most prolific threat actors and have been since they first emerged on the scene,” she told the AFR.

“They compromised at least 14 Australian organisations, many of which are professional services firms.”

The group targets professional services, a sector ALPHV considers to hold sensitive information.

ALPHV's public posting of stolen data is considered particularly brutal.

HWL Ebsworth insists on not paying the ransom and on protecting the community.

“We take our community duties seriously. We consider we have a fundamental civic duty to not encourage or be seen to condone the criminal activity of extorting money by taking and threatening to publish other people's data,” the law firm told the ABC.
