9 November 2022

Legal Aid ACT in contact with group claiming responsibility for cyber hack as investigation continues

| Lottie Twyford
Start the conversation
Legal Aid ACT CEO John Boersig.

Legal Aid ACT CEO John Boersig appeared before annual reports hearings this morning (9 November) where he was questioned about the recent cyber attack. Photo: Region.

A group based overseas that has claimed responsibility for the recent cyber attack on Legal Aid ACT has been in contact with the statutory body in recent days.

Legal Aid ACT CEO John Boersig said this morning that 10 people had so far been identified to contact regarding their data, but this could change as work continued.

Three of those known to have been impacted have yet to be contacted.

The highest priority for the commission was ensuring the safety of people Legal Aid had acted for in matters of family law, domestic violence or immigration.

READ ALSO ‘Diminished’ performance of homelessness intake service OneLink revealed in new report

Dr Boersig said they were specifically looking out for cases where there had been an order for privacy and a person’s address or information about where they lived had been kept private.

“We act for hundreds and hundreds of people. In most cases, the addresses are known to the perpetrator,” he said.

“If the risk is such that they need to be moved now, we will facilitate that. If they are comfortable at home, but there needs to be some security around that [we will also facilitate that].”

The commission is working closely with DVCS and ACT Policing to put safety plans in place and the Australian Federal Police on the criminal aspects of the case.

Legal Aid ACT was also ensuring affected clients had appropriate legal advice and Dr Boersig foreshadowed more legal protections could be put in place for clients if required.

Anyone concerned their data may have been accessed is encouraged to contact the commission.

READ ALSO ‘You were mistaken’: Chief Minister urged to right the record over dangerous driving petitions

Exactly how the alleged hackers accessed the data is being investigated by an independent forensic examination, but he assumed the motive behind the attack was money.

“It all comes back to money,” Dr Boersig said.

He confirmed he had not been in personal contact with the group but had instead been working through appropriate channels. He was reluctant to give further comment given those channels remained information.

Of immediate concern so far has been closing the door to the hackers by shutting down the internet and immediately moving all client data to iCloud storage.

That was expected to happen in the next three weeks, but the “intensely difficult” process had instead been worked through quickly by the commission’s staff this week.

Around 6 per cent of the commission’s data had been copied by the hackers, Dr Boersig said.

“I’m assuming everyone’s data is vulnerable … so I will take action on that basis,” he explained.

He described that as a “significant amount of data” and said it was a matter of deep concern.

READ ALSO Canberra 2040: road toll – and how to fix it – weighs heavy on teenagers’ minds

It was becoming complex to pinpoint exactly what the hackers had taken in some cases, whether it might have been a brief, for example, or just the cover page.

A report will ultimately be prepared once the investigation has been completed, which will state how the hackers entered the system and what they were after.

That brief would protect vulnerable client data, Dr Boersig confirmed, but he would be transparent and open with the public about action taken by Legal Aid and whether any changes needed to be made.

Legal Aid ACT is required to store all vulnerable client data, Dr Boersig told an annual reports hearing.

Other ACT statutory bodies are reviewing their IT safety protocols after the Legal Aid attack.

Start the conversation

Daily Digest

Want the best Canberra news delivered daily? Every day we package the most popular Riotact stories and send them straight to your inbox. Sign-up now for trusted local news that will never be behind a paywall.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.