Legal Aid won't pay hackers' ransom demands

Legal Aid ACT has confirmed it will not pay the ransom demanded by the hackers who earlier this month stole private information from the commission.

That hack could have exposed the data of some of the organisation’s most vulnerable clients, including refugees and victims of family violence.

In a statement, CEO Dr John Boersig said the decision not to agree to the demands of the criminal group was in line with the advice from both the Federal and Territory governments.

ACT Chief Police Officer Neil Gaughan said other examples around the world had shown that criminals would often take the ransom money and release the information anyway or make additional demands afterwards.

“Any ransom payment, small or large, fuels the cybercrime business model, putting other Australians at risk,” he said.

Legal Aid ACT was the victim of a cyber attack on Thursday, 3 November.

It’s unclear exactly why the commission was targeted, but ACT Policing and the Australian Federal Police are continuing their investigation.

The organisation, which provides free legal services to extremely vulnerable people, including victims of domestic and family violence, people with a disability, veterans, sexual assault victims and refugees, has stressed the safety of its clients is of utmost priority.

Earlier this week, Dr Boersig said he had appealed to the criminals not to release any of the information they had stolen online by explaining the impact it could have.

“We are appealing to this group to not release this information about our clients, some of whom are the most vulnerable people in Canberra,” Dr Boersig said.

There are some concerns about the release of data that could compromise the physical safety of victims of domestic violence if, for example, their new address was not known to the perpetrator.

Some clients have had police safety alerts set up.

Refugees could also have their overseas family’s safety compromised if their data was to be made public, Dr Boersig told an annual reports hearing last week.

Dr Boersig has committed to being as upfront with the public as he can be during the investigation.

Late last week (11 November), he confirmed the criminals had provided evidence they had data samples from the commission, including private and confidential information about clients.

The commission is continuing to reach out to people who have been identified as at-risk.

It’s unclear how many clients could have been impacted. Dr Boersig said last week he was working on the assumption of everyone’s data being vulnerable.

He added that steps were immediately taken to secure the commission’s data after it became aware of the hack.

Their data has since been moved to a new cloud-based system which is separate from the networks accessed by the hackers.

The services of a cyber specialist were also employed to ensure the security of the new network.

Anyone concerned about their data being exposed is encouraged to contact Legal Aid ACT on its 1300 654 314 helpline.

If you are concerned about your immediate safety, call police on 000, or if you would like a safety plan developed around this incident, call Domestic Violence Crisis Service on 02 6280 0900.