Cyber incident updates

We have focused strongly on supporting our clients who use our services throughout the year, but we are also providing support to our staff who have been impacted by this cyber incident. 

Our staff are the ones who have been tirelessly working nights and weekends to identify the impacts from this crime and to keep our services going. 

I am proud of their commitment to looking after their clients and making sure they get the support they need. This crime has been distressing for our team and I applaud them for the care they have provided to so many Canberrans since this event happened earlier this month. 

I would encourage any former Legal Aid ACT staff to consider that they might be impacted by this crime as well. The cybercriminals stole a large range of information from our systems that included staff emails and other records. 

We cannot advise if your particular information was included in this crime, but the safest option is to assume it may have been stolen. 

We have developed some factsheets to support our clients and staff. We encourage you to read them carefully and act if you think you may need to protect your interests. 

• View the client factsheet
• View the staff factsheet

We continue to work hard to identify and contact our clients who might be at risk as a result of the recent cyber incident. 

We work closely with many community and government organisations across Canberra as we often support the same clients. This is one of the best parts of our work – we help people find the legal support they need and connect them to other services such as health and accommodation support. 

We know that many of our clients receive services from organisations such as Domestic Violence Crisis Service (DVCS) and the Victim Support ACT team in the ACT Human Rights Commission. 

Both organisations have been helping us from this start of this incident. We are grateful for the support of their teams in alerting people to this issue and making sure our clients can get the help they need. 

We encourage you to reach out to our team, or to contact DVCS or Victim Support ACT directly if you have questions or need their services. 

Domestic Violence Crisis Service 

• The Domestic Violence Crisis Service helps people to build lives free from domestic violence. 
• They have been providing emergency and long-term support, advice, domestic violence resources, and services in Canberra for over 30 years. 
• Their services are available to anyone living in the ACT region affected by domestic and family violence—children, young people and adults. 
• You can call their 24/7 Crisis Line on 02 6280 0900 or visit their Contact Us page. 

Victim Support ACT 

• The Victim Support team delivers free and confidential services for people who have experienced crime in the ACT. 
• You can use the services if you are: 
  • A person who has suffered harm as a result of a crime 
  • A family member of a person who has died as a result of a crime 
  • A person who has witnessed a crime 
  • It is not necessary to have reported the crime to police and you can access the service at any time after the incident. 
• You can phone them on 1800 8222 72 or visit their Contact Us page. 

We have engaged IDCARE to offer a free service to our clients who are concerned about how they might have been impacted during the recent cyber incident. 

IDCARE are Australia’s national identity and cyber support community service. They offer specialist case managers who can help you with any concerns you have about your personal information exposure. 

Opening hours 

• IDCARE case managers are available Monday to Friday from 9:00am to 6:00pm (AEDT). 

Book an appointment 

• Book online via their Individual Get Help Form or call 1800 595 160. 
• Due to current high demand, you are encouraged to use the online booking form. 

Referral code 

• Please use the referral code LAC22 when booking a time to ensure your matter is prioritised. 

No costs 

• This is a free service if you use the above referral code. 

You can find out more on the IDCARE website.

When the cybercriminals recently stole a large amount of data from our systems, it is commonly called a ‘data breach’. This may include any personal, financial or health information you shared with Legal Aid ACT, as well as any identity documents you may have provided.  

There are some actions you can take to protect yourself as we work to determine if your information was part of the breach. 

Contact information 

• Change your email and online account passwords (i.e. banking passwords). Enable multi-factor authentication for email accounts where possible. 
• Beware of scams and check Scamwatch for useful information on protecting yourself. 
• Do not open attachments or click on links in emails or social media messages from strangers or if you are unsure that the sender is genuine. 

Financial information 

• Check your accounts for unauthorised transactions and if you spot any purchases you didn’t make, report these immediately to your financial institution. 
• Request a copy of your credit report to check if it includes any unauthorised loans or applications. If you suspect fraud, you can request a ban on your credit report. 

Identity documents 

• Contact the government agency that issued the identity document for advice.  
• Contact Legal Aid ACT if you wish to use the IDCARE service to get expert advice on from an identity and cyber security case manager. 
• If you have been a victim of identity theft, you may be eligible for a Commonwealth Victim’s Certificate. This can help you negotiate with organisations to re-establish your credentials or to remove a fraudulent transaction from their records. 

Health information 

• You can contact your health service provider to discuss your concerns. 

We know this is a worrying time for some of our clients, so we encourage you to speak to family, friends or your regular health care provider. You can read our Finding help section for more information or call our office on 1300 654 314 and we will help you with a support package.

We are providing an update on why it is challenging to identify which information was stolen in the cyber incident. We are still confirming exactly what data was stolen. This is a manual process that may well take our team some week to finalise. 

The cybercriminal did not target any particular groups of information. They copied a broad range of files with no identifiable pattern. Unlike some crimes where a whole client record gets copied, we are learning that this was a haphazard approach which copied parts of files randomly. 

This approach makes the job of identifying the stolen data more difficult and means our teams manually combing through files. 

This is why we may not immediately be able to confirm if your private information has been stolen at this stage. We wish we could, but it is yet another example of how unprincipled these criminals are in potentially hurting people such as our clients. 

We can share that the information taken varies from administrative processes to personal information such as names, addresses, dates of birth, phone numbers, email addresses. 

We also know that some private information related to domestic and family violence matters have been stolen and are focusing on the safety of each individual client and their family.  

We can help you 

What we can promise you is that if you are one of our clients and worried about your personal safety, then please contact us and we will immediately offer you a range of support packagews to keep you safe. We have already helped some clients who were grateful for the quick support, and we are ready to do the same for you and your loved ones. 

IDCARE 

One of the ways we are helping our clients is through IDCARE - Australia’s national identity and cyber support service. They help individuals when their identity is misused or stolen. IDCARE can provide you with a case manager and give you the best advice on how to respond to data breaches, scams, identity theft, and cyber security concerns. 

This will be a free service is available to any Legal Aid ACT client who is concerned that this incident may have impacted them. Please call our Legal Aid Information Helpline on 1300 654 314 if you want to discuss how we can support you with IDCARE services. 

Legal Aid ACT CEO Dr. John Boersig has confirmed that they will not agree to the demands of a criminal group who stole private information from the organisation.

The decision not to pay a ransom is in line with federal and territory government advice.

On Thursday, 3 November 2022, Legal Aid ACT was subject to a cyber incident and took rapid action to change their systems and protect their clients who are socially or economically disadvantaged Canberrans.

Dr. Boersig said “Legal Aid ACT clients are people who have been subject to domestic and family violence, they are teenagers or older people, refugees, veterans, and people with disability. The safety of our clients and their families is our upper most priority.”

Chief Police Officer, Neil Gaughan said “We know from other examples around the world that criminals will often take ransom money and release information anyway or start approaching individuals with additional ransom demands.

“Any ransom payment, small or large, fuels the cybercrime business model, putting other Australians at risk.

Legal Aid ACT has remained committed to being as transparent as possible by providing regular updates on what the situation means for their clients.

“We will continue to work with Australia Federal Police and ACT Policing to investigate the matter and keep communicating with clients who may be impacted. If anyone has a concern, then they should contact us through our Helpline on 1300 654 314.

“I have welcomed the strong support from across ACT Government as Legal Aid ACT helps many Canberrans who also use government services in the justice, health, education and community services sectors. All parts of government are working together to look after people in our community,” Dr. Boersig said.

A timeline of events, including information for Legal Aid ACT clients who need help because of the cyber incident is available via the Legal Aid ACT website.

We encourage our clients to remain vigilant with their online security. If you are worried that you might have been subject to a cybercrime, there are some useful tips below to help you report a cybercrime or learn how to stay safe.

The Australian Cyber Security Centre offers help and advice in the event of a cybercrime incident. They have a range of resources to help you make your personal or business information more secure.

You can contact them for advice:

• Hotline: 1300 CYBER1(1300 292 371)
• Website:  https://www.cyber.gov.au/information

Report a cybercrime

You can report a cybercrime to police through their ReportCyber portal.

Translated information

You can view the easy-to-follow cyber security information in other languages.

Useful resources

You can access a range of cyber safety information and resources.

• View their resources library for a full list of guides and tips.
• Read a range of step-by-step guides for individuals and families.
• Download their one page guide to staying secure as a quick look at the best things you can do to stay safe.

Get alerts

You can subscribe to the ASCS alert services to get information on recent online threats and how they are managed.

We know that some of our clients might need help as a result of this cyber incident. 

We have a full range of physical health, mental health, cybercrime, legal, accommodation and government help available. If you need help this weekend, please consider some

If you have an urgent concern about your personal safety, please call ACT Policing on 000

If you would like to develop a safety plan around this incident, or need 24/7 help with domestic violence matters, please contact the Domestic Violence Crisis Centre on 02 6280 0900.

If you are experiencing, or at risk of experiencing, homelessness, OneLink will help you find appropriate support. You can them on 1800 176 468 or

The Canberra Rape Crisis Centre has a 24-hour callout service for those wishing to report sexual assault. You can call them on 6247 2525 or visit their website

1800 RESPECT offers support for those experiencing sexual, domestic and family violence. You can call 1800 RESPECT (737 732) or go to their website and choose ‘Online Chat’ at the bottom of the page.

Lifeline can be contacted by calling 13 11 14 or visiting the Lifeline website.

Beyond Blue is available and you can call them on 1300 22 4636 or visit the Beyond Blue website.

Kids Helpline is Australia’s only free (even from a mobile), confidential 24/7 online and phone counselling service for young people aged 5 to 25. You can contact Kids Helpline by calling 1800 55 1800 or visiting the Kids Helpline website.

You can also visit the ACT Government Community Services website for more services.

You can get a full list of services on our Find Help page.

We can confirm that we are in contact with the group who are responsible for this cyber incident.

They have provided evidence that includes data samples. We have verified that they do hold copies of some of our data. This data includes private and confidential information about our clients.

This group have made some demands, but we cannot comment further as this is now a criminal investigation. We continue to liaise closely with the Australian Federal Police and ACT Policing, and we are taking their advice.

We must carefully balance this sensitive investigation with being transparent with our community.

We can say that we are appealing to this group to not release this information about our clients, some of whom are the most vulnerable people in Canberra.

Work continues this weekend

Our priorities continue to be protecting our clients who might have their personal safety at risk as a result of this event. We will have teams working this weekend to identify anyone who might be at risk.

We continue to reach out to people as we identify their level of risk. We are heartened by the responses of those we have contacted so far as we work together to keep them safe.

We have not slowed down the pace of this investigation since it started. I would like to thank the many people who are working tirelessly in response to this event and continuing to deliver services to the community at the same time.

We will provide further updates over the weekend and encourage you to stay vigilant online.

You can call our Legal Aid information helpline on 1300 654 314 or visit our contact page.

We know some of our clients may be looking for advice on how to stay safe online or report a cybercrime if they think someone is targeting them. 

The Australian Cyber Security Centre offers help and advice in the event of a cybercrime incident. They have a range of resources to help you make your personal or business information more secure. 

You can contact them for advice:  

• Hotline: 1300 CYBER1(1300 292 371)  
• Website: www.cyber.gov.au

Report a cybercrime 

You can report a cybercrime to police through their ReportCyber portal. 

Translated information 

You can view the easy-to-follow cyber security information in other languages. 

Useful resources 

You can access a range of cyber safety information and resources. 

• View their resources library for a full list of guides and tips. 
• Read a range of step-by-step guides for individuals and families. 
• Download their one page guide to staying secure as a quick look at the best things you can do to stay safe. 

Get alerts 

• You can subscribe to the ASCS alert services to get information on recent online threats and how they are managed. 

We are continuing to work with the Australian Federal Police and ACT Policing on the investigation into the criminal matter from the cyber incident last week. 

While we do not have new information to share yet, we can reassure our clients that people are working around the clock to help us. This includes national and territory law enforcement agencies, IT specialists, community services groups, ACT Government, as well as our entire Legal Aid ACT team. 

We share our community’s concern that this criminal group have targeted vulnerable Canberrans. They have stolen private information that we have always treated with the utmost care and confidentiality. 

Legal Aid ACT helps people with their legal problems, especially people who are socially or economically disadvantaged. Many clients have been subject to domestic and family violence. Some clients are teenagers or older people who need help, or refugees trying to find safety in Australia. We also help veterans and people with disability to participate in Royal Commissions and share their stories.

We have had some correspondence from a group who say they are responsible for the cyber incident last week when information was stolen from our systems. We are communicating with them to see if they are authentic. We cannot comment further at this stage as this is a criminal investigation and we do not want to put people at risk.

Cyber investigation continues

The investigation to identify exactly what information was stolen will be ongoing as we try to get a clearer understanding of how many people are impacted by this event. We do not know this number yet, and despite our best attempts to find out, it may not be possible to ever know.

Our business is about helping vulnerable people in the Canberra community. That is why we are taking the approach that we have to assume people are at risk until we can confirm otherwise.

Rapid review of personal safety risk

We continue to focus on the people we can immediately help if there is a risk to their personal safety.

My team is reviewing our cases to identify anyone who might be at higher risk if their private information is shared with others or made public.

We provide a lot of support across Canberra, so this includes doing a risk assessment on hundreds of cases. This is our highest priority work, and we are doing this as quickly, but as thoroughly, as we can.

Safety support packages

We successfully contacted some people yesterday and we continue to reach out to more people.

We are providing tailored safety packages based on the needs of each person. This can include help with legal advice, mental health services, setting up a safety plan and other assistance.

Our in-house social work team is supporting our clients and connecting them to other services such as the Domestic Violence Crisis Service (DVCS) as required.

Connecting our community

We encourage you to reach out if you need some help through our Community Liaison Unit:

• Aboriginal Liaison Officer – help Aboriginal and Torres Strait Islander people
• Cultural Liaison Officer – help migrants and refugees speak to lawyers and other services
• Family Violence Officer – support people who might be experiencing family violence
• FASS Family Advocate – provide family advocacy and support in the family violence space
• Disability Justice Liaison Officer - support people with disability involved in the legal system
• Mental Health Liaison Officer – provide a range of mental health services and information.

For our clients who need help with language, we have translators available. If you need an interpreter, please call TIS on 131 450. You can also book an interpreter on-line go to the TIS National website: http://www.tisnational.gov.au

We appreciate that this is a confronting situation for some of our clients and we share your concerns which is why we are doing everything we can to help them.

You can continue to call our Legal Aid information helpline on 1300 654 314 or visit our contact page.

Our investigation into the cyber incident we experienced last week is continuing. 

Today we started communicating directly with some of the people who have had personal information stolen. The people we have spoken to were grateful to be so quickly contacted and appreciated the range of support we can offer. If they do not need immediate support, they know who to talk to in our team if they change their mind at any time. 

As part of our safety package, and only if requested by our client, we are putting them in touch with ACT Policing. This is important if a client feels like their personal safety may be at risk and helps ACT Policing to provide the best types of support.  

We also moved our whole practice to a new cloud-based work system today that is completely separate to the networks accessed in this incident. And with help from our cyber specialists, we have ensured our new systems are secure so that those responsible for this cyber incident cannot access further client information. 

While any major system change is a challenge, our staff were enthused to be back in the office and focused on looking after their clients. I thank them for their dedication and continued commitment to keeping our clients safe and supporting them with our services. 

If you have questions about this cyber incident, please call our Legal Aid information helpline on 1300 654 314. 

We will provide another update on how we are managing this incident tomorrow. 

We can now confirm that client information was copied during the cyber incident that happened on Thursday 3 November 2022.

We are still working with our cyber specialist teams to identify exactly what data was copied but that process will take weeks to finalise. We know some of our clients are in vulnerable situations. We are taking immediate action to minimise risks to the safety of those clients whose information has been accessed.

What we know so far is that the data they have stolen contains personal information about some of our clients. This includes private information related to the services we provide some people.

We understand that you will find this news distressing. We committed to being honest about what is happening, and we are available to support you and your family. Immediate support packages.

Immediate support package

• We have started identifying people who have had sensitive information stolen.
• If you are one of those people, out team will conduct an in-person visit with you tomorrow to explain which parts of your information was stolen.
• This team will include one of our lawyers and social worker.
• They will talk to you about the range of support we can provide you are your family. 

Priority focus

• Our team will continue identifying other people who might be at higher risk from their data being stolen.
• This will take some time to do thoroughly, but it is our highest priority 
• If you are identified in coming days, we will contact you to offer support.

This is a very serious crime and we are working closely with the Australian Government and ACT Government and being guided by their advice.

With help from cyber specialists, we have ensured our systems are secure so that those responsible for this cyber incident cannot access further client information.

We are devastated that we have been the target of such malicious criminal behaviour and out team will be available in the office and via our telephone help lines to answer any questions. 

We remain committed to providing these daily updates and doing everything we can to support you during this time. 

We are working around the clock on the cyber incident investigation, and while the size and scope of the incident is still unknown, we know it will take some time to complete.

We have shut down our systems and have ensured that the cybercriminal cannot access any information as we continue this work.

Specialist teams

We appointed a team of forensic IT specialists to help us investigate and they are providing us with regular updates. I thank them for their considerable efforts this weekend as they work to determine how this event occurred so we can start identifying potential impacts for our clients.

We are also working with the Australian Office of the Information Commissioner, the Australian Cyber Security Centre, the Australian Federal Police and ACT Policing as this is a criminal matter.

Our security measures

In recent years we have invested heavily in hardware, software and staff training to ensure our cyber security is the best it can possibly be. While we know the cyber criminal is responsible for this incident, we are disappointed that they have been able to withstand our considerable cyber security measures. W

e are deeply concerned about the potential impact on our clients resulting from this event. We know you trust us to keep your information safe and we take that responsibility very seriously.

We are taking all necessary steps to investigate and remedy the situation as quickly as possible. We will know more about how this happened in coming days and weeks, but we remain committed to sharing these regular updates with you to keep you informed.

Our specialist cyber security firm has worked through the night and their teams continue to put extensive support into this incident investigation.

We are still determining if client information has been accessed as this is our highest priority.

We can confirm that we haven’t been contacted by the hacker or received any request for ransom.

Some disruptions to our services will unfortunately continue, but we will not be fully up and running until we are assured all safety measures are in place and have been extensively tested.

Some court hearings and other matters are continuing, and individuals involved in those matters are being contacted directly.

Our phone lines are available with our staff ready to support any calls for assistance. Please note our staff cannot comment on individual matters in relation to this incident as we do not yet have that information from the investigation.

Our clients can call the Legal Aid Information helpline on: 1300 654 314.

We are doing a thorough investigation, and this will take some time to complete to our satisfaction.

This work will be continuing over the weekend, and we will provide the next update when we have new information.

On Thursday, 3 November 2022, Legal Aid ACT was subject to a cyber incident.  

We took rapid action to protect our systems and have engaged a specialist cyber security firm to investigate this incident.

At this stage we cannot confirm if any client information has been impacted.

Some of our systems and services may be affected during this investigation as we make every effort to safeguard client information.

If the investigation reveals that client information has been accessed, a Legal Aid ACT staff member will contact those clients directly.

Looking after our clients and their sensitive data is our highest priority and we acknowledge that this incident will cause some regrettable concerns and disruptions for our clients.

Our immediate concern is for our clients, staff and those parties linked by litigation to our services.

Legal Aid ACT is committed to transparency about what we know, and how that could impact our customers, our people, and the broader community.

If you are concerned about your immediate safety call Police on 000, or if you would like a safety plan developed around this incident call Domestic Violence Crisis Service on 02 6280 0900.

We will update our website regularly with the steps we are taking to resolve this incident and will share the investigation results when they are available.