Some National Disability Insurance Scheme (NDIS) participants, prospective participants, their families and carers, and staff have been affected by a law firm’s data breach, the National Disability Insurance Agency (NDIA) has confirmed.
“While the NDIA's systems have not been compromised, HWL Ebsworth is an external law firm that provides legal services to private clients and government agencies, including the NDIA,” the NDIA said. “Please be assured the NDIA is taking this matter extremely seriously and is taking measures to protect participant data and information security. We sincerely apologise for any distress caused.”
In late April, law firm HWL Ebsworth became aware of dark web forum claims from cyberattacker ALPHV/BlackCat that the former’s data had been obtained in a cyber incident.
The NDIA is working with HWL Ebsworth to identify, notify, and support those affected by the data breach, the agency said. It is also taking additional precautions to protect potentially affected individuals, including actively monitoring plans and account transactions for unusual or suspicious activities, it confirmed.
“The NDIA is working closely with HWL Ebsworth and other affected government agencies, including law enforcement, to limit the impact on participants,” the agency said.
People with Disability Australia (PWDA), a national disability rights and advocacy organisation, has advised people with disabilities to remain vigilant to suspicious activities following the data breach.
“While news of the breach is understandably distressing for anyone who interacts and shares their personal information with the NDIS, we are reassured that both the NDIS and the Department of Social Services (DSS) are doing everything they can to support those impacted while ensuring any risk of this happening again in the future is mitigated,” said PWDA president Nicole Lee.
The PWDA has reached out to the Office of the Minister for the NDIS Bill Shorten to discuss steps being taken to address the breach.
Minister Shorten said: “I have been assured the NDIA is taking this matter extremely seriously and is taking measures to protect participant data and information security.”