Australian Federal Police works with Legal Aid ACT on cyber attack

Legal Aid is communicating with the alleged hackers, chief executive officer John Boersig said on Tuesday afternoon.

"We have had some correspondence from a group who say they are responsible for the cyber incident last week when information was stolen from our systems," he said.

"We are communicating with them to see if they are authentic."

Australian Federal Police officers from the force's ACT Policing division are, with help from specialised cybercrime investigators, investigating the "malicious" cyber attack.

Legal Aid ACT, which provides free legal services, had a "substantial amount of data" stolen on Thursday afternoon.

Fewer than 10 people deemed high-risk had been connected with ACT Policing, Mr Boersig told The Canberra Times.

"We assist in the order of 40 or 50,000 people a year, so hopefully it's that kind of small number of people who are most at risk," he said.

"The people we have spoken to were grateful to be so quickly contacted and appreciated the range of support we can offer."

He said Legal Aid was also working with the Australian Federal Police, Office of the Australian Information Commissioner and the Australian Cyber Security Centre.

READ MORE:

It comes after recently released Australian National University research found one in three Australians had been victims of data breaches in the past 12 months.

And a high-profile hack on insurer Medibank Private escalated early Tuesday morning, with the hacker threatening to release data.

Mr Boersig said the most immediate concern for Legal Aid was ensuring vulnerable clients, such as family violence victims, were safe.

"We're going through our own files and identifying anyone that may be at risk and contacting them," he said.

"That's really around people who are involved in family law or family violence proceedings.

"Our main concern really is identifying people and making sure they're safe."

Data was stolen from across the organisation, but no individual clients could be identified.

Forensic IT specialists are working to identify customers, Mr Boersig said.

"We know we've lost a substantial amount of data, but that doesn't link directly to individuals," he said.

"[The data is] taken as bits and pieces, and it has to be reconstructed.

"[It's like] trying to put substance to a shadow."

IN OTHER NEWS:

The practice has also been moved to a cloud-based system to prevent hackers from stealing more information.

"[It] is completely separate to the networks accessed in this incident," Mr Boersig said.

"And with help from our cyber specialists, we have ensured our new systems are secure so that those responsible for this cyber incident cannot access further client information.

"While any major system change is a challenge, our staff were enthused to be back in the office and focused on looking after their clients."

On the weekend, Mr Boersig said he was "disappointed" the hacker could withstand the Legal Aid ACT's "considerable cyber security measures".

"In recent years we have invested heavily in hardware, software and staff training to ensure our cyber security is the best it can possibly be," he said.

"While we know the cyber criminal is responsible for this incident, we are disappointed that they have been able to withstand our considerable cyber security measures.

"We are devastated that we have been the target of such malicious criminal behaviour."

We've made it a whole lot easier for you to have your say. Our new comment platform requires only one log-in to access articles and to join the discussion on The Canberra Times website. Find out how to register so you can enjoy civil, friendly and engaging discussions. See our moderation policy here.