Federal police caught up in huge law firm data breach

Federal police officers had their data published on the dark web after the HWL Ebsworth hack. (Lukas Coch/AAP PHOTOS)

Federal police officers have been caught up in a major cyber attack that’s exposed a number of government departments.

The Australian Federal Police Association (AFPA) confirmed some members had their data breached in the hack on law firm HWL Ebsworth earlier this year.

The association did not reveal what data had been stolen but reports suggest it includes officer names and email addresses.

Bookstore chain Dymocks also confirmed it had been the subject of a major data breach, in a notice to customers released late on Friday.

More than 1.24 million Dymocks customers have had their names, address, phone, email, birth date and other information leaked and made available on the dark web.

Dymocks blamed the leak on an "external data partner" and said highly sensitive financial information such credit card details and passwords were not compromised.

"We are very sorry this has happened and continue to work hard with our forensic experts and cyber security advisors to establish how this occurred," the company said.

HWL Ebsworth’s systems were breached in April and the firm did not give in to demands for a ransom payment, a move commended by Home Affairs Minister Clare O’Neil.

The AFPA said it was supporting members who have had their data breached and encouraged all affected people to contact them for support.

“Affected members have approached the AFPA and we are aware of the issue and hold concerns about the impact this data breach may have on them,” AFPA president Alex Caruana said.

“We believe our members' information has been placed on the dark web and we trust the AFP to investigate this matter and look after the affected members.”

Mr Caruana said the association supported the federal government’s recent appointment of a national cyber security coordinator.

Government departments that have had their data accessed in the breach include the Fair Work Ombudsman and the National Disability Insurance Scheme.

Anyone impacted can seek support from Australia's national identity and cyber support community service, known as IDCARE.

Meanwhile, the Medicare and Centrelink numbers of thousands of Services Australia clients could have been disclosed in a Russian hack.

TPG's Australian pathology business TissuPath said no test information or billing details had been exposed in the data breach on August 24.

But patient request forms dating from 2011 to 2020 had been released by Russian hackers ALPHV.

Services Australia has started a data matching program using information provided by TissuPath about customers affected by the breach.

The federal agency said initial analysis provided by TissuPath indicated "there may be approximately 140,000 to 240,000 impacted credentials", but it was not known how many people were affected.

The agency will compare data provided by TissuPath - including card number, expiry date, customer name, dates of birth and addresses - to Medicare and Centrelink customer records.

"This will assist the agency to identify affected customers and apply proactive security measures to affected customer records," the agency said in a government gazette notice.

License this article

What is AAPNews?

For the first time, Australian Associated Press is delivering news straight to the consumer.

No ads. No spin. News straight-up.

Not only do you get to enjoy high-quality news delivered straight to your desktop or device, you do so in the knowledge you are supporting media diversity in Australia.

AAP Is Australia’s only independent newswire service, free from political and commercial influence, producing fact-based public interest journalism across a range of topics including politics, courts, sport, finance and entertainment.

What is AAPNews?
The Morning Wire

Wake up to AAPNews’ morning news bulletin delivered straight to your inbox or mobile device, bringing you up to speed with all that has happened overnight at home and abroad, as well as setting you up what the day has in store.

AAPNews Morning Wire
AAPNews Breaking News
Breaking News

Be the first to know when major breaking news happens.


Notifications will be sent to your device whenever a big story breaks, ensuring you are never in the dark when the talking points happen.

Focused Content

Enjoy the best of AAP’s specialised Topics in Focus. AAP has reporters dedicated to bringing you hard news and feature content across a range of specialised topics including Environment, Agriculture, Future Economies, Arts and Refugee Issues.

AAPNews Focussed Content
Subscription Plans

Choose the plan that best fits your needs. AAPNews offers two basic subscriptions, all billed monthly.

Once you sign up, you will have seven days to test out the service before being billed.

AAPNews Full Access Plan
Full Access
AU$10
  • Enjoy all that AAPNews has to offer
  • Access to breaking news notifications and bulletins
  • Includes access to all AAPNews’ specialised topics
Join Now
AAPNews Student Access Plan
Student Access
AU$5
  • Gain access via a verified student email account
  • Enjoy all the benefits of the ‘Full Access’ plan at a reduced rate
  • Subscription renews each month
Join Now
AAPNews Annual Access Plan
Annual Access
AU$99
  • All the benefits of the 'Full Access' subscription at a discounted rate
  • Subscription automatically renews after 12 months
Join Now

AAPNews also offers enterprise deals for businesses so you can provide an AAPNews account for your team, organisation or customers. Click here to contact AAP to sign-up your business today.

SEVEN DAYS FREE
Download the app
Download AAPNews on the App StoreDownload AAPNews on the Google Play Store