The four, made up of ANZ, Commonwealth Bank, National Australia Bank, and Westpac, have all revealed themselves as clients of HWL Ebsworth, whose systems were breached in early May, leading to an approximate 4 terabytes of data being stolen.
Of the four, NAB is the only bank that has confirmed that its data had been exposed after hackers from the ALPHV (also known as BlackCat) threat group behind the attack posted online that it had stolen data from it.
“We are aware that HWL Ebsworth, a law firm engaged by NAB for some legal services, has been impacted by a cyber attack,” said a spokesperson from the bank.
The bank added that while data contained by HWL Ebsworth may have been compromised, its own systems remain safe.
“NAB’s systems were not impacted and remain secure. We are working with HWLE as they continue to get more information in relation to the content of these matters.”
The other three banks have all said that they are working alongside HWL Ebsworth to determine exactly what data had been exposed, and if any of their customer’s data was at risk.
“ANZ is aware of the HWL Ebsworth (HWLE) cyber incident. ANZ’s systems have not been impacted,” said ANZ in a statement.
“ANZ is a client of HWLE for some legal matters.
“We are working with HWLE and others to understand and address the potential exposure, and we will directly contact those employees and customers who may have been impacted and need to be notified.”
The big four banks join several other major institutions as victims of the hack, with over 40 government agencies and departments including several bodies and authorities on cyber safety such as the Office of the Australian Information Commissioner (OAIC) and the Australian Federal Police (AFP) having been affected.
According to CyberCX’s director of cyber intelligence and public policy, Katherine Mansted, attacking high-profile targets such as major organisations and government is in line with ALPHV’s threat pattern of “big game hunting”.
“They’re one of the most prolific threat actors in Australia and have been for some time since they first emerged on the scene,” she told The Australian Financial Review.
“We have observed them compromise at least 14 Australian organisations and a lot of those are in the professional services sector.
“It’s been quite deliberate about the targets that it attacks; professional services in a sector that ALPHV assesses as having some pretty sensitive information that it can hold at risk.”
Ms Mansted added that ALPHV was the first threat group observed posting stolen data on the public internet rather than the dark web, in an effort to maximise the harm caused by exposing stolen data.
While ransomware demands are currently unknown, HWL Ebsworth has said that it is refusing to pay the hacking group what it’s asking.
“We take our ethical and moral duties to the community very seriously. We consider we have a fundamental civic duty to not, in any way, encourage or be seen to condone the criminal activity of extorting money by taking and threatening the publishing of other people's data,” the law firm told the ABC.
“The privacy and security of our client and employee data remains of the utmost importance. We acknowledge and understand the impact this may have, and we are communicating closely with our clients.”
For more cyber security news, click here.
Maja Garaca Djurdjevic
Maja's career in journalism spans well over a decade across finance, business and politics. Now an experienced editor and reporter across all elements of the financial services sector, prior to joining Momentum Media, Maja reported for several established news outlets in Southeast Europe, scrutinising key processes in post-conflict societies.
