Cyber incident affecting HWL Ebsworth

Published: 21 June 2023

Released by: Digital NSW

The Australian Government has been informed that HWL Ebsworth, a law firm used by various large commercial and government organisations has experienced a data breach.

ID Support NSW has supported HWL Ebsworth and collaborated with government cyber security and relevant Commonwealth agencies, to understand and assess the data that has been affected and the impact on customers.

  • On 1 May 2023, HWL Ebsworth reported a cyber incident involving ransomware and claims of data exfiltration and publication to the darkweb.
  • On 8 May 2023, HWL Ebsworth provided initial notification to the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches (NDB) scheme.
  • On 9 June 2023 HWL Ebsworth became aware that a threat actor had claimed to have published at least 1.4TB of exfiltrated data on the dark web.

The Government continues to actively engage HWL Ebsworth as it investigates the extent of the breach, including impacts on NSW Government agency information.

This process remains ongoing and will take time to complete due to the scale of the impacted data. The Government is continuing to work with HWL Ebsworth to understand and manage the potential consequences of the publication of the data.

Next steps

  • Be alert for scams referencing the HWL Ebsworth data breach.
  • Contact ID Support NSW for support and guidance. ID Support NSW provides assistance to those whose proof of identity credentials have been stolen or fraudulently obtained. ID Support advisors can answer your questions regarding restoring and safeguarding the security of your identity.

We can help 

We can help you check, restore and protect your identity from misuse and identity crime.

Call ID Support NSW on 1800 001 040  9am to 5pm, Monday to Friday, or opt for our easy online call back form

More information

Read the HWL Ebsworth data breach frequently asked questions.

HWL Ebsworth is working with clients, NSW Government and OAIC to meet relevant obligations under the Privacy Act 1988 and ensure affected individuals are notified as soon as possible. 

HWL Ebsworth has been granted an injunction by the Supreme Court of NSW regarding the 
information that threats actor claimed to have published, seeking to restrain the activities of the threat actor, and preventing additionally access by other parties.

Accessing stolen sensitive or personal information from the dark web is strongly discouraged as it is considered an offence to deal in stolen personal information and can result in up to 5 years' imprisonment.

Related departmental releases

Departmental release
21 October 2022
NSW Government welcomes Parliamentary AI inquiry
The NSW Government welcomes a NSW Parliamentary inquiry regarding the development and use of artificial intelligence (AI) across the State.
Departmental release
21 November 2021
Customer-centric innovation takes centre stage at Digital.NSW showcase
Digital innovations to create smarter cities and technology to use and protect customer identities will be at the forefront of the 2021 Digital.NSW Showcase on Tuesday and Wednesday.

See all departmental releases

Download as PDF Print this page
Top of page