Australian Privacy Breach, 16 November 2022

Legal Aid ACT refuses to pay ‘not insignificant’ ransom to hackers who stole data of Canberra domestic violence survivors

Canberra domestic violence victim-survivors, refugees and people with disabilities are among those caught up in the breach

Company Statement: LEGAL AID ACT CYBER INCIDENT
Source: Legal Aid ACT refuses to pay ‘not insignificant’ ransom to hackers who stole data of Canberra domestic violence survivors | ABC News Australia

View more incidents from Australian Capital Territory, and the Charities and Not For Profit sector.

In statements from Legal Aid ACT – “On Thursday 3 November 2022, Legal Aid ACT was subject to a cyber incident. They moved quickly to protect our systems and engaged a specialist cyber security firm to investigate this incident.” “On Sunday 6 November 2022, we confirmed client information was copied by the cybercriminals. Some of this information is personal information about private client matters related to the services provided by Legal Aid ACT.”

Many domestic violence victim-survivors who have sought help from Legal Aid ACT already fear that their perpetrators will track them down. Now, that risk has been heightened.

Cybercriminals have stolen the legal service’s data and have demanded a ransom, which has been refused.

Legal Aid ACT chief executive Dr John Borsig said the decision to refuse the demands of the hackers was “very hard” and “awful” for clients, as there was now a risk that the private information of socially and economically disadvantaged Canberrans would be publicly and maliciously released.

After discovering the hack, which occurred on November 3, Legal Aid ACT staff contacted hundreds of affected clients and identified about 15 individuals or families who would need immediate assistance to mitigate risks.