A HWL Ebsworth spokesman said the firm became aware on Friday of an unauthorised third-party claiming it had taken a significant amount of data from the firm.
“The privacy and security of our client and employee information is of the utmost importance to us,” he said.
“As soon as we learnt of this potential incident, we acted quickly to respond to the threat and have been working with third-party experts to determine the validity of the claims, and to ensure the ongoing safety and security of our systems.”
HWL Ebsworth has notified, and is working with, the Australian Cyber Security Centre.
“At this time, we are still determining the credibility of the claims made and the potential impact to any data,” the spokesman said.
“There is no evidence that any third party is currently accessing our systems and no signs of encryption have been detected.
“We will continue to provide updates to our stakeholders, as appropriate, as new information becomes available. While investigations are ongoing, our operations are not impacted, and our focus remains on providing exceptional service for our clients to the high standards of our firm.”
If ALPHV proves to have the documents it says it obtained, it would have access to some of HWL Ebsworth’s most sensitive and valuable data. It could have repercussions for other law firms that have faced HWL Ebsworth; one of the sample documents released by ALPHV, for example, appears to have been drafted by Ashurst.
Katherine Mansted, director of cyber intelligence and public policy at CyberCX, said ALPHV have a strategy of “big game hunting” with 40 per cent of the attacks it has executed in Australia being on professional services firms.
Lawsuits filed against companies that have suffered a data breach are increasingly common, with action being taken more frequently even in cases where the number of impacted individuals is smaller, according to US law firm BakerHostetler.
BakerHostetler last week published its 2023 Data Security Incident Response Report, which is based on data collected from more than 1,100 cybersecurity incidents investigated by the company in 2022.
The report shows that 45% of incidents were network intrusions, followed by business email compromise (30%) and inadvertent data disclosure (12%). Following initial access, the most common actions were ransomware deployment (28%), data theft (24%), email access (21%), and malware installation (13%).
Earlier this year, a blockchain data company reported seeing a significant drop in the total amount of money received by ransomware groups in 2022 ($457 million) compared to the previous year ($766 million).
However, data collected by BakerHostetler shows that ransomware victims that did pay a ransom in 2022 paid more compared to 2021. The largest ransom demand seen by the firm in 2022 exceeded $90 million (compared to $60 million in 2021), and the largest ransom that was paid in 2022 was more than $8 million (compared to $5.5 million in 2021). The average ransom amount paid last year was roughly $600,000, up from $511,000 in 2021.
The cost of forensic investigations has also increased. For the 20 largest network intrusions, the average cost increased by 24%, from $445,000 in 2021 to $550,000 in 2022.
In addition to higher ransom demands and increased forensic costs, BakerHostetler found that a bigger percentage of incidents where the impacted organization notified individuals of a data breach resulted in at least one lawsuit. Specifically, the numbers have increased from four lawsuits out of 394 incidents in 2018 to 42 lawsuits filed for 494 incidents in
The life insurance shopping process takes many consumers three or more months.
For a few weeks, consumers want to hear from you and insurers about life insurance.
Which consumers? And which weeks?
Life insurance demand fell precipitously between February 2021 and the end of 2022.
Activity levels have started to recover, a little, but, at Verisk, we saw 17 straight months of negative year-over-year growth in life insurance. The industry charted less application activity as a result.
Why did that drop in activity occur, and what can life insurance providers do to generate applications during slow periods?
Consumers have been facing sustained inflation and tightened budgets. The theory is that they are simply less interested in life insurance, and distracted by more immediate financial priorities.
TECH BY OSMOSIS – Product demos can only take you so far. Sometimes the best way to gain a deeper understanding of a topic like technology is to just hang out with folks who really get it. While tech industry belt-tightening has led Big Law to trim emerging companies and venture capital (ECVC) practices, midsize law firms have actually embraced those clients. And, as Law.com’s Isha Marathe reports, doing so can help firms in ways that go beyond just their bottom lines. Often, for instance, these practices push law firms to become early adopters of legal technology. For those that really develop connections with the ECVC communities, such practices also can provide them with more access to technology experts or lawyers with honed tech skills.
PRIVATE PRIVACY CLAIMS PROLIFERATE – On its way to Washington state Gov. Jay Inslee’s desk is the My Health My Data Act, the “first state-level health data bill of its kind,” aimed at protecting personal information related to health conditions or attempts to obtain health care services. It’s also the first state privacy law to contain a “private right of action” provision since 2008, which means that, for the tech industry, there will be litigation. Likely lots of it, Law.com’s Riley Brennan reports. “We have seen wave after wave of cases filed not just against the large tech companies, but against the companies that use their products,” said David Zetoony, the co-chair of Greenberg Traurig’s data, privacy and cybersecurity practice. “Washington’s statute will certainly add more fuel to that fire and give plaintiffs attorneys another statute and legal theory to explore.”
Governor Lamont Signs Legislation Enacting a Comprehensive Consumer Data Privacy Law
(HARTFORD, CT) – Governor Ned Lamont today announced that he has signed into law Public Act 22-15which enacts a comprehensive series of protections for consumers that provide them with greater ability to safeguard their personal data that is collected when they interact with companies online.
The law also requires companies to lessen the amount of data they collect and only use that data for the purposes they are collecting it for, therefore having less data breaches and identity theft.
Connecticut becomes the fifth state to enact this kind of law protecting data privacy, following similar ones recently enacted in California, Colorado, Utah, and Virginia. The governor explained that while he prefers that Congress enact a similar data privacy standard at the federal level, he is hopeful that this growing coalition of states adopting these protections will result in companies defaulting to these standards nationwide.
“Digital commerce is now a way of life for nearly all of us, and every time we stream a television show or movie online, every time we go for a walk while wearing a fitness tracking device, and every time we purchase something from our favorite website, our actions are being logged and frequently sold and shared with others,” Governor Lamont said. “Consumers have a