The National Justice Project, a human rights law firm, has submitted a complaint to the Office of the Australian Information Commissioner (OAIC) on behalf of a National Disability Insurance Scheme (NDIS) participant who fears being impacted by a data breach at HWL Ebsworth Lawyers.
The law firm suffered a ransomware attack by the ALPHV group in May last year, resulting in the release of millions of documents on the darknet.
The breach affected 65 government agencies, including the National Disability Insurance Agency (NDIA), which in turn impacted NDIS participants, their families, and staff.
“The National Justice Project has intervened on behalf of those affected by the breach because it includes the personal and health records of vulnerable individuals living with a disability,” said National Justice Project CEO George Newhouse, as reported by Cyber Daily. “They may not have been provided with adequate support from HWL Ebsworth, NDIA, and other government departments and organisations to mitigate any harm arising from the breach.”
Richard Hamon, an NDIS participant with vision impairment, expressed concern about his ability to verify the authenticity of his emails. He reported that the breach has significantly impacted his mental and physical health, relationships, and overall quality of life. He also emphasised the need for stronger legal protections for individuals who are inadvertently affected by such incidents.
Greens Senator Jordon Steele-John echoed these concerns, calling for enhanced privacy protections for participant data and stricter regulations on information sharing practices.
“This speaks to the urgent need for stronger protections for participant’s privacy around their data, and also for better … rules around what information the agency has and when and how that information is shared with third parties,” he said, as reported by Cyber Daily.
The National Justice Project has also urged for immediate reforms in light of the breach.
The OAIC launched an investigation into HWL Ebsworth in February to scrutinise the firm’s data security practices and its response to the breach. It noted that the firm has various enforcement options if the investigation confirms privacy violations.
HWL Ebsworth said it is committed to cooperating fully with the OAIC investigation. It has reviewed the compromised data, notified affected individuals, and provided support services. It also obtained a legal injunction to prevent further dissemination of the confidential information.
