Law firm HWL Ebsworth responds to privacy probe
More news: Law firm HWL Ebsworth has responded to news today that the privacy regulator will conduct a formal investigation of its handling of a mass data breach last year.
What they said: "Since becoming aware of this incident, HWL Ebsworth’s focus has been to ensure that we properly reviewed the stolen data and informed those impacted as swiftly as we could, and we have worked closely with impacted organisations to notify all affected individuals," a spokesperson for the law firm has said.
"We have offered support services to impacted individuals and took the additional step of obtaining an injunction to restrain further publication or dissemination of confidential information.
"We will co-operate fully with the OAIC as they investigate this incident."
Law firm HWL Ebsworth faces investigation over data breach
The news: Law firm HWL Ebsworth is facing an investigation by the Office of the Australian Information Commissioner, linked to a data breach it reported to the regulator on 8 May, 2023.
The investigation, which follows initial inquiries by the regulator, will look at what HWL Ebsworth was doing at the time of the breach to protect personal information, as well as how affected individuals were notified.
The numbers: Under Australian privacy law, the OAIC could decide to pursue civil penalties against HWL Ebsworth before the Federal Court of Australia, depending on its findings.
Maximum penalties for privacy breaches are the greater of $50 million; three times the value of the benefit obtained directly or indirectly by the company that is reasonably attributable to the contravening conduct; or, if a court cannot determine the value of that benefit, 30% of the company's adjusted turnover during the period of the contravening conduct.
The context: HWL Ebsworth says it became aware of a dark web forum post by ALPHV/BlackCat claiming to have taken data from the firm. The law firm said its own investigations indicated information on a confined part of its system had been accessed and for a three-week period in June 2023. Some of that data was published on the web forum.
The law firm sought and obtained a Supreme Court of New South Wales injunction to restrain the publication or dissemination of confidential information. The injunction is permanent.
The OAIC gained increased privacy penalties in late 2022, following major cyber attacks and data breaches at Medibank Private and Optus.
The source: OAIC