Big Four Bank Data Lost in HWL Ebsworth Cyber-Attack

Written by staff writer.

At least four Australian banks are caught up in a major ransomware attack on law firm HWL Ebsworth. In recent days, Westpac, NAB, the Commonwealth Bank, and ANZ are among the many public and private sector entities that may have had data stolen.

In April, the BlackCat ransomware gang (also known as ALPHV) successfully accessed HWL’s servers in Melbourne and stole four terabytes of data. The data taken included local and remote company credentials, credit card information and loans data, customer documentation including identification details, insurance agreements, and internal company data.

“The investigation indicates the threat actor had accessed and exfiltrated certain information on a confined part of the firm’s system, but not on our core document management system,” reads a statement issued by HWL Ebsworth.

Last week, the law firm obtained an injunction in the NSW Supreme Court restraining BlackCat, a Russian hacking group, from releasing any further data that detailed the affairs of hundreds of client entities. Thus far, HWL Ebsworth has refused to pay the reported AUD5 million ransom demand. As a result, BlackCat has posted some of the stolen data online.

Professor Monica Whitty, Head of the Department of Software Systems and Cybersecurity at Monash University, says clients and the general public deserve to know more about the breach and how the hackers obtained so much information.

“Customers also need to understand what to do next to protect themselves as a consequence of a potential breach,” she said. “In the long term, organisations need to improve their cybersecurity, technical and human defences. This is an urgent and non-trivial matter.”

The big four banks are saying little about their exposure in the hack other than confirming they were HWL Ebsworth clients. In their statements, they stress their servers were not compromised. Instead, the data at risk was that provided to and retained by the law firm. Only the NAB has said some of its data was among the 1.4 terabytes publicly released after HWL Ebsworth rebuffed the hackers’ demands.

“ANZ is a client of HWL Ebsworth for some legal matters,” says a statement issued by that bank. “We are working with HWL Ebsworth and others to understand and address the potential exposure, and we will directly contact those employees and customers who may have been impacted and need to be notified.”

The cyber-attack has captured the attention of boardrooms and agency heads nationwide. In addition to the banks, numerous ASX-listed companies and government agencies, including the ACCC, the Department of Human Services, the Office of the Australian Information Commissioner (OAIC) and the Australian Federal Police, have lost data. On June 23, the Australian Government will announce the appointment of Air Vice-Marshal Darren Goldie as the first co-ordinator of cybersecurity. In what’s billed as a governmental response to attacks like the one on HWL Ebsworth, Goldie’s role will be to respond to cyber hacks and threats.

Meanwhile, the HWL Ebsworth cyber-attack isn’t the only one currently causing boardroom ructions. More local entities, including most recently PwC Australia, have confirmed that they lost data in the May MOVEit hack. Since mid-June, the Cl0p ransomware gang has been posting profiles of entities whose data it holds in an attempt to squeeze payment from them.