Legal Aid ACT in contact with group claiming responsibility for cyber hack as investigation continues

A group based overseas that has claimed responsibility for the recent cyber attack on Legal Aid ACT has been in contact with the statutory body in recent days.

Legal Aid ACT CEO John Boersig said this morning that 10 people had so far been identified to contact regarding their data, but this could change as work continued.

Three of those known to have been impacted have yet to be contacted.

The highest priority for the commission was ensuring the safety of people Legal Aid had acted for in matters of family law, domestic violence or immigration.

Dr Boersig said they were specifically looking out for cases where there had been an order for privacy and a person’s address or information about where they lived had been kept private.

“We act for hundreds and hundreds of people. In most cases, the addresses are known to the perpetrator,” he said.

“If the risk is such that they need to be moved now, we will facilitate that. If they are comfortable at home, but there needs to be some security around that [we will also facilitate that].”

The commission is working closely with DVCS and ACT Policing to put safety plans in place and the Australian Federal Police on the criminal aspects of the case.

Legal Aid ACT was also ensuring affected clients had appropriate legal advice and Dr Boersig foreshadowed more legal protections could be put in place for clients if required.

Anyone concerned their data may have been accessed is encouraged to contact the commission.

Exactly how the alleged hackers accessed the data is being investigated by an independent forensic examination, but he assumed the motive behind the attack was money.

“It all comes back to money,” Dr Boersig said.

He confirmed he had not been in personal contact with the group but had instead been working through appropriate channels. He was reluctant to give further comment given those channels remained information.

Of immediate concern so far has been closing the door to the hackers by shutting down the internet and immediately moving all client data to iCloud storage.

That was expected to happen in the next three weeks, but the “intensely difficult” process had instead been worked through quickly by the commission’s staff this week.

Around 6 per cent of the commission’s data had been copied by the hackers, Dr Boersig said.

“I’m assuming everyone’s data is vulnerable … so I will take action on that basis,” he explained.

He described that as a “significant amount of data” and said it was a matter of deep concern.

It was becoming complex to pinpoint exactly what the hackers had taken in some cases, whether it might have been a brief, for example, or just the cover page.

A report will ultimately be prepared once the investigation has been completed, which will state how the hackers entered the system and what they were after.

That brief would protect vulnerable client data, Dr Boersig confirmed, but he would be transparent and open with the public about action taken by Legal Aid and whether any changes needed to be made.

Legal Aid ACT is required to store all vulnerable client data, Dr Boersig told an annual reports hearing.

Other ACT statutory bodies are reviewing their IT safety protocols after the Legal Aid attack.