Cyber Incident


On Friday 28 April 2023, HWL Ebsworth became aware that a threat actor identified as ALPHV/BlackCat made a post on a dark web forum claiming to have exfiltrated data from the firm.

The privacy and security of our client and employee data is of the utmost importance and investigations by HWL Ebsworth and McGrathNicol indicated:

  1. the threat actor had taken certain information on a confined part of the firm’s system and,
  2. for a three-week period in June 2023, some of the data was published on the threat actor’s dark web forum.

HWL Ebsworth understands that impacted organisations and individuals want to have a full understanding of any sensitive information that was accessed by the cyber criminals and we remain mindful of our responsibility to our clients and those individuals who have been affected.

For the vast majority of impacted organisations, notifications to affected individuals have been completed.


HWL Ebsworth completed a detailed analysis of all data that was accessed by the criminals. As the data set was large and unstructured this was a detailed and complex challenge.

Our priority has been to ensure that we properly review the data and inform those impacted as swiftly as we can. The analysis process took time but has now come to an end.

We have continued to work with impacted organisations in notifying all affected individuals, and that process is almost complete.

Since day one, we have worked closely with the government and all relevant authorities – including the Australian Cyber Security Centre and law enforcement agencies in their ongoing investigation into the incident.

We formally notified the incident to the Office of the Australian Information Commissioner and continue to keep them updated as we work with affected organisations to notify impacted individuals.

While the formal coordinated Australian Government response to this incident concluded on 18 September, we will continue to work directly with affected Australian Government agencies and private sector entities as necessary.


HWL Ebsworth took the step, unprecedented in Australia, of obtaining an injunction from the Supreme Court of New South Wales, seeking to restrain further publication or dissemination of confidential information.

The injunction was sought to protect the interests of impacted individuals and affected persons and has proven to be extremely successful. In the absence of the injunction, anyone with access to the dark web would not have had any legal restriction to accessing the published portion of the exfiltrated data for the short period of time that it was accessible.

Our approach has restricted the possibility of misuse of the exfiltrated data, while still ensuring that affected individuals are notified of their sensitive data that was impacted in this incident.


HWL Ebsworth appreciates the patience and understanding of those affected as we have worked through the impact of this incident. Working together with impacted organisations, we have been in the process of contacting individuals who have been impacted to provide information and offer direct assistance and we have established a dedicated channel for enquiries. Given the volume of data compromised, this process has taken some time to work through, but throughout that process, we have been committed to communicating with all impacted individuals as soon as possible.

Where we have confirmed that core identity information has been impacted – driver’s licence, passport, birth certificate details, for instance – we have offered Equifax Protect, a credit and identity monitoring service that helps reduce the risk of financial loss. HWLE has also partnered with IDCARE to provide impacted individuals with tailored and specific advice at no cost. Details on how to access these support services will be communicated directly to impacted persons, or see the contact details below.


If you are an individual who has been involved in a matter in which HWL Ebsworth acted for one of the parties, and you are concerned your personal information may be affected but you have not received a notification, please email with your query. We will be able to clarify whether or not you are impacted and provide you with further assistance as necessary.

If you have any other queries, including in relation to the support that is available if you are impacted, please email

Contact us