An infosec incident at a major Australian law firm has sparked fear among the nation's governments, banks and businesses – and a free speech debate.that on April 28,"we became aware that a threat actor identified as ALPHV/BlackCat made a post on a dark web forum claiming to have exfiltrated data from HWL Ebsworth."
The lawyers therefore hired investigators, who confirmed that"the threat actor had accessed and exfiltrated certain information on a confined part of the firm's system, but not on our core document management system." The investigation revealed that over four terabytes of info leaked, including documents describing clients and staff, as well as negotiations between the firm and ALPHV/BlackCat over ways to keep the incident quiet.The attackers later published some of the stolen data on the dark web.
Which is where things get interesting. HWL Ebsworth is the kind of big-end-of-town law firm that attracts governments and large corporates as clients. Those clients are now scrambling to understand if their data has leaked.