Highly sensitive legal documents from the Victorian government’s departments and agencies have been published on the dark web by cybercriminals.
The breach is connected to data that was stolen from the law firm HWL Ebsworth in April by a Russian-linked ransomware gang, known as ALPHV/Blackcat, and posted online.
The state government said it is working in partnership with federal authorities and it would attempt to notify affected people as soon as possible.
The state’s chief information security officer, David Cullen, on Friday confirmed information related to Victorian government departments and agencies had been posted online.
“HWL Ebsworth has now confirmed that information relating to its work with several Victorian Government departments and agencies has been released by cyber criminals to the dark web,” he said in a statement.
“We are taking this matter extremely seriously, and are working in partnership with the commonwealth government.”
Cullen said there was no direct breach of the government’s IT systems.
HWL Ebsworth has contacted departments and agencies affected by the hack to confirm what information has been exposed.
Last month, the law firm obtained an injunction order in the NSW supreme court in a bid to prevent the hackers from disclosing its stolen information. The order was also an attempt to prevent dissemination of the published material.
One outcome of the injunction is that HWL Ebsworth clients must wait for the firm to inform them if their sensitive information has been caught up in the breach.
HWL Ebsworth has several hundred clients, including dozens of federal government agencies, according to Austender contracts. A recent study by cybersecurity firm Palo Alto Networks found Blackcat was one of the top three ransomware groups targeting Australia.
On Tuesday the national cybersecurity coordinator, Darren Goldie, met with commonwealth, state and territory agencies and HWL Ebsworth about the law firm’s affected clients.
Goldie described the breach as an “evolving incident” and said there could be additional impacts that had not yet been identified.
A Victorian government spokesperson said it was working with the law firm to understand the extent of the data breach.
“We have been advised by HWL Ebsworth that information affected includes highly sensitive documents from legal files with state government departments and agencies,” they said.
“We know this could be a distressing situation for the people affected and we are working to notify all those affected as soon as possible.”
They said Victorian government departments and agencies will provide tailored advice and support to people affected by the breach.
The law firm has partnered with Australia’s national identity and cyber support community service, IDCARE, to provide assistance for people affected, the chief information security officer said.