NAB, ANZ caught up in cyber breach

Data hack cyber breach NAB

Australian big four banks, NAB and ANZ, have revealed they are both clients of the recently cyber-hacked law firm, HWL Ebsworth (HWLE), which experienced a significant loss of personal information from its systems.

The breach, reportedly the work of Russian hackers, occurred in late April, with the law firm noting that the hacker had “accessed and exfiltrated certain information on a confined part of the firm’s system, but not on [its] core document management system”.

Around four terabytes of data were lost in the cyberattack, amassed from hundreds of thousands of client documents containing highly sensitive personal information, as reported by the AFR. This included health records, financial details and information concerning political and religious affiliations, sexual orientation and criminal records.

The law firm admitted in affidavits issued for a court-ordered injunction that the stolen data related to hundreds of clients and spanned at least five years.

NAB and ANZ both issued statements noting that while they had previously engaged HWLE for “some legal matters”, their systems were not compromised in the breach and “remain secure”.

Thus, any data loss tied to the banks is more than likely directly related to legal matters in which they engaged the law firm rather than any customer data.

The banks both said that they will work with HWLE “as they continue to get more information in relation to the content of these matters”.

ANZ added that it would “directly contact those employees and customers who may have been impacted and need to be notified”.

HWLE became aware on 9 June that a threat actor, identified as ALPHV/BlackCat, had published on a dark web forum a portion of the data they claimed to have exfiltrated from the law firm, which sat on its Melbourne servers.

The hackers, more than a week prior, initially demanded a ransom payment from the firm. However, when HWLE refused, the hackers retaliated by publicly releasing a portion of the stolen data.

In response, HWLE obtained a court-ordered injunction to restrict access to and dissemination of the leaked information.

HWLE claims to have already spent at least 5,000 hours and $250,000 responding to the Russia-linked hackers.

The law firm, one of the largest in Australia, represents a number of high-profile ASX-listed companies and government agencies.

Several government agencies, including the Office of the Australian Information Commissioner (OAIC) and the National Disability Insurance Agency (NDIA), have confirmed that their data was compromised in the breach.

HWLE in a statement said it continues to be “engaged in a comprehensive investigation into the nature and extent of the impact of the incident with the assistance of leading external cyber security experts.

“We are conducting a detailed and comprehensive review of the impacted data and informing impacted third parties and individuals as swiftly as we can.”

“’We have an ongoing engagement with relevant authorities in relation to this process, including the Office of the Australian Information Commissioner, the Australian Cyber Security Centre and law enforcement agencies in their ongoing investigation into the incident.”