HWL Ebsworth hack: Queensland says its files were taken after criminals release Victorian documents – Source: www.theguardian.com

Highly sensitive legal documents from the Victorian government have been published on the dark web by cybercriminals, with Queensland also confirming files from at least one of its departments are included in the breach.

The breach is connected to data that was stolen from the law firm HWL Ebsworth in April by a Russian-linked ransomware gang, known as ALPHV/Blackcat, and posted online.

The Victorian government said it is working in partnership with federal authorities and it would attempt to notify affected people as soon as possible.

The state’s chief information security officer, David Cullen, on Friday confirmed information related to Victorian government departments and agencies had been posted online.

• Sign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundup

“HWL Ebsworth has now confirmed that information relating to its work with several Victorian Government departments and agencies has been released by cyber criminals to the dark web,” he said in a statement.

“We are taking this matter extremely seriously, and are working in partnership with the commonwealth government.”

Cullen said there was no direct breach of the government’s IT systems.

HWL Ebsworth has contacted departments and agencies affected by the hack to confirm what information has been exposed.

On Friday night the Queensland government said HWL Ebsworth had advised that “documents relating to a limited number of department’s [sic] files were included in the breach”.

“The Department of Home Affairs continues to work with HWL Ebsworth and affected government agencies as it investigates the extent of the breach, including exposure of Queensland government information and related consequences arising from this exposure,” a state government spokesperson said.

“The Queensland government takes the privacy of its data holdings seriously and is working with HWL Ebsworth to understand what information may have been disclosed.

“Should our clients’ personal information be affected, the individual departments will work with HWL Ebsworth to ensure affected individuals are notified as soon as possible, and offer assistance and support as required.”

Last month, the law firm obtained an injunction order in the NSW supreme court in a bid to prevent the hackers from disclosing its stolen information. The order was also an attempt to prevent dissemination of the published material.

One outcome of the injunction is that HWL Ebsworth clients must wait for the firm to inform them if their sensitive information has been caught up in the breach.

HWL Ebsworth has several hundred clients, including dozens of federal government agencies, according to Austender contracts. A recent study by cybersecurity firm Palo Alto Networks found Blackcat was one of the top three ransomware groups targeting Australia.

On Tuesday the national cybersecurity coordinator, Darren Goldie, met with commonwealth, state and territory agencies and HWL Ebsworth about the law firm’s affected clients.

Goldie described the breach as an “evolving incident” and said there could be additional impacts that had not yet been identified.

A Victorian government spokesperson said it was working with the law firm to understand the extent of the data breach.

“We have been advised by HWL Ebsworth that information affected includes highly sensitive documents from legal files with state government departments and agencies,” they said.

“We know this could be a distressing situation for the people affected and we are working to notify all those affected as soon as possible.”

They said Victorian government departments and agencies will provide tailored advice and support to people affected by the breach.

The law firm has partnered with Australia’s national identity and cyber support community service, IDCARE, to provide assistance for people affected, the chief information security officer said.