Highly sensitive government information stolen during a cyber attack on a top law firm has been leaked to the dark web.
The data was taken during a hack on law firm HWL Ebsworth earlier this year.
The Victorian government on Friday said it was aware a number of files had been released and was working out the extent of the compromise.
"We have been advised by HWL Ebsworth that information affected includes highly sensitive documents from legal files with state government departments and agencies," a government spokeswoman said.
"We know this could be a distressing situation for the people affected and we are working to notify all those affected as soon as possible."
Victoria's Chief Information Security Officer David Cullen said there had been no direct breach of the government's IT system.
He said the government expected all suppliers to maintain strong cyber security measures to protect data.
HWL Ebsworth has commercial and government clients in every state and territory.
It has previously said it would not submit to the hacker's demand for ransom.
The government data breach is likely to be highly significant, according to John Burgess who manages cyber security and IT programs at Victoria University.
"It's likely that the attacker has been attempting to leverage their position in order to increase their extortion demands," Mr Burgess told AAP.
"It's quite a common practice of these groups to drip feed the information because that puts more and more pressure on the victim to comply with their demands."
He said the criminals could have access to a trove of information related to both government and private sector work so more leaks were likely.
Cyber security consultant and Gridware chief executive Ahmed Khanji said it was possible the hackers released the data in a bid to bolster their standing in the criminal business.
"They need to show that the threat is real, so even if HWL Ebsworth wasn't in negotiations with them it's very likely that what these threat actors are doing is building their modus operandi, their reputation, in the cyber threat community," Mr Khanji said.
He described the release of data as just the latest development in a game of cat and mouse between cyber security experts and hackers.
"A lot of Australian organisations are unprepared for the velocity and the seriousness of the organised crime that cyber threat actors are at the moment," Mr Khanji said.
Australia's top cyber security co-ordinator Air Vice-Marshal Darren Goldie last week said several government entities had been impacted by the hack.
In June, the Tasmanian government said it had been contacted by the federal government about an "illegal release" of data on the dark web which was stolen in the law firm attack.
That was the same month hackers from Russia claimed to have published data stolen during the hack.
Anyone impacted can seek support from Australia's national identity and cyber support community service, known as IDCARE.