NAB impacted by law firm cyber breach – report

The big bank was among the clients whose information was compromised in the April breach at a major law firm

The National Australia Bank was one of the clients of law firm HWL Ebsworth whose information was compromised when the firm experienced a data breach.

The cyberattack, the work of Russian hackers, occurred in April, according to a report by The Australian. It resulted in the compromise of approximately 1.4 terabytes of data. HWL Ebsworth, known for representing numerous ASX-listed companies and government agencies, lost hundreds of thousands of client documents among the millions that were accessed by the hackers.

The cybercriminals gained unauthorised access to individual employees' servers within HWL Ebsworth, allowing them to copy various documents and downloads, among other data, The Australian reported. However, NAB said that its own internal IT systems remain uncompromised, making it highly unlikely that there has been a large-scale theft of customer data. Instead, the data breach is expected to primarily affect specific legal matters in which NAB engaged HWL Ebsworth for advice and representation.

“We are aware that HWL Ebsworth, a law firm engaged by NAB for some legal services, has been impacted by a cyberattack,” a NAB spokesperson said. “NAB's systems were not impacted and remain secure. We are working with HWL Ebsworth as they continue to gather more information regarding the content of these matters.”

While NAB was not the direct target of the breach, the Australian Prudential Regulation Authority has warned that an eventual cyberattack on Australia’s big banks is “inevitable.” Australia is also one of the world’s most targeted countries when it comes to banking app malware.

Links to Russia

The ransomware group responsible for the HWL Ebsworth hack, known as BlackCat or Alpha Spider, is linked to Russia. Following their infiltration of HWL Ebsworth's Melbourne servers, the hackers attempted to extort the firm by demanding a ransom payment, The Australian reported. However, when the company refused to comply, the hackers retaliated by publicly releasing a portion of the stolen data. In response, HWL Ebsworth obtained an injunction to restrict access to and dissemination of the leaked information. Despite these efforts, numerous organisations, including government agencies, companies, and individuals, have been affected by the breach.

Affected parties must wait for HWL Ebsworth to inform them about the specific documents that have been compromised. However, some sources have expressed frustration with the injunction, as it has impeded their own independent forensic investigations into the extent of the breach.

Sensitive information exposed

Among the leaked data are documents spanning up to 20 years, including sensitive information related to the Woomera range missile testing site, Defence's attack helicopter replacement program, and Australia's engagement in the Indo-Pacific and Solomon Islands, The Australian reported.

The scope of the compromised data extends beyond legal documents, with personal data such as driver's licences also being leaked. While larger government departments have refrained from disclosing the full extent of their losses, smaller agencies such as the Office of the Australian Information Commissioner and the NDIS Quality and Safeguards Commission have confirmed that their data was compromised.

HWL Ebsworth said it is currently conducting a comprehensive review of the compromised data, The Australian reported. The law firm is also working closely with relevant authorities, including the Office of the Australian Information Commissioner, to ensure affected parties are promptly notified of the incident and provided with the necessary support and guidance.