๐Ÿ”’breach.co.nz ยท the NZ & Australia breach register ๐Ÿ›ก๏ธ A Govern service
Register โ€บ ๐Ÿ‡ฆ๐Ÿ‡บ AU โ€บ Legal

HWL Ebsworth

๐Ÿ‡ฆ๐Ÿ‡บ National (Australia) ยท HWL Ebsworth Lawyers ยท Record AU-2023-0072
โ—‹ Reported โ€” awaiting official confirmation
Reported โ€” awaiting official confirmation. The facts below are drawn from the organisation's own disclosure and credible reporting. Figures are as reported; unknowns are labelled, not estimated by us.
People affected
Not disclosed
Breach date
2023-04
Regulator
OAIC; multiple government agencies
Trust tier
B ยท Reported

Data exposed

Legal and government client documents; personal information of individuals Company-confirmed
Data linked to ~65 Australian government agencies Media-reported

Confidence: Confirmed = regulator/court ยท Company-confirmed = the organisation's own disclosure ยท Media-reported = press. Figures without an official source are labelled, not estimated.

What happened

In April 2023 the national law firm HWL Ebsworth was hit by the ALPHV/BlackCat ransomware group, which exfiltrated a large volume of legal and government client documents and later published data when a ransom was not paid [hwle]. The breach reached data linked to around 65 Australian government agencies as well as private clients and individuals [nswgov-hwle]. The total number of individuals affected was not officially quantified and is not estimated here.

Timeline

  • 2023-04 โ€” ALPHV/BlackCat ransomware attack; data exfiltrated [hwle].
  • 2023-06 โ€” Confirmed impact across government agencies and clients; notifications began [nswgov-hwle].

Current status

Resolved operationally, with extensive government and individual notification. Figures are as reported. [nswgov-hwle]

Why it matters

A landmark supply-chain-style breach: attacking one professional-services firm exposed the sensitive data of dozens of government agencies at once โ€” a defining Australian legal-sector incident.