A ransomware attack at HWL Ebsworth, one of Australia’s leading law firms, shows the importance of enforcing appropriate IT security measures.
In an era where digital information is increasingly becoming the lifeblood of organizations, the legal industry is no exception. Law firms, with their vast repositories of sensitive client and corporate data, are becoming lucrative targets for cybercriminals. The recent cyberattack on HWL Ebsworth, one of Australia’s leading law firms, underscores this growing threat.
On April 28, 2023, HWL Ebsworth fell victim to a ransomware attack orchestrated by the Russian-linked ALPHV/BlackCat ransomware group. On May 8, 2023, HWL Ebsworth communicated the incident to the Office of the Australian Information Commissioner (OAIC) – possibly a worrisome notification, since the OAIC is also a client of the firm.
The firm initially learned about the attack through emails that were assumed to be spam. The attack resulted in the theft of client information and employee data. The hackers issued a ransom demand of $4.6M in bitcoin. They later published 1.1TB of the data they claimed to have stolen, which was later established to be 3.6TB worth of data.
The Impact
The cyberattack on HWL Ebsworth had far-reaching implications. It affected 65 Australian government departments and agencies that were clients of the firm. The national cybersecurity coordinator, Air Marshal Darren Goldie, revealed that some people and clients with personal information exposed in the hack have yet to be informed.
In response to the attack, HWL Ebsworth engaged McGrathNicol to investigate the incident and undertake containment and remediation actions. HWL Ebsworth has dedicated more than 5,000 hours and a quarter of a million dollars to combatting the hacking incident. After 16 weeks of support, the Australian government’s formal coordinated response to the incident ended, with HWL Ebsworth now able to manage its response without formal assistance from the Australian government.
A Growing Threat to the Legal Industry
The HWL Ebsworth incident is a stark reminder of the growing cyber threats facing the legal industry. Law firms handle vast amounts of sensitive client and corporate data, making them attractive targets for cybercriminals. Furthermore, many law firms are still using outdated IT systems and are slow to adopt cybersecurity policies, making them easy targets for hackers.
Basic security measures, such as using up-to-date security software, running current versions of operating systems and software, promptly applying patches to the operating system and all application software, employing effective backups, and training attorneys and staff, can help protect against these kinds of threats. As the threat landscape continues to evolve, the legal industry must stay one step ahead to safeguard its data and maintain the trust of its clients.