The Legal Practice Board of WA is notifying victims of a major data breach that took place in May after a ransomware attack by the Dire Wolf group compromised sensitive practitioner data.
Elite Washington D.C. law firm Williams & Connolly, has confirmed a nation-state-backed cyberattack. The breach leveraged a zero-day vulnerability to access attorney email accounts, part of a broader espionage campaign targeting the US legal sector.
Sam Altman’s AgentKit empowers anyone to build AI agents without code, while Chamath Palihapitiya’s “Software Factory” vision reimagines solo founders as AI-powered creators. As Elon Musk pushes his truth-seeking xAI, Silicon Valley’s battle for the future of intelligence intensifies.
The Legal Practice Board of WA is notifying victims of a major data breach that took place in May after a ransomware attack by the Dire Wolf group compromised sensitive practitioner data.
Cyber News Centre's cyber update for 14th October 2025: The Legal Practice Board of Western Australia has confirmed a significant data breach following a ransomware attack, exposing the personal, financial, and health data of legal practitioners.
The Legal Practice Board of Western Australia is the regulatory body responsible for the admission and professional conduct of lawyers in the state.
Update: This month the Legal Practice Board of Western Australia (LPBWA) has begun notifying legal practitioners that their personal, financial, and health information was compromised in a ransomware attack that occurred in May 2025. The breach was carried out by the Dire Wolf ransomware group, a relatively new but aggressive threat actor that emerged in May and has since targeted organisations globally. The group claims to have stolen 300 gigabytes of data from the LPBWA.
While the board initially disclosed a limited data leak in May, a comprehensive investigation has now confirmed that the scope of the breach is larger than first understood. The LPBWA has stated it is continuing to assess the full extent of the compromised data and has secured an injunction to prevent any dissemination of the stolen information. Online services that were disrupted by the attack are being restored, with manual workarounds in place for processing practising certificates.
Why it Matters: This incident highlights the significant and growing threat to the legal sector, which holds a treasure trove of sensitive client and practitioner data. The five-month delay between the initial attack and the full disclosure of the breach’s scope raises serious questions about the challenges organisations face in understanding and responding to sophisticated cyber attacks.
The targeting of a government regulatory body also demonstrates the vulnerability of critical professional institutions. For legal practitioners, the compromise of personal, financial, and health information poses a significant risk of identity theft and fraud. The incident serves as a stark reminder for all professional bodies to strengthen their cyber defences and incident response plans.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Elite Washington D.C. law firm Williams & Connolly, has confirmed a nation-state-backed cyberattack. The breach leveraged a zero-day vulnerability to access attorney email accounts, part of a broader espionage campaign targeting the US legal sector.
A third-party data breach at Discord has exposed the government-issued IDs of 70,000 users, highlighting the significant security risks associated with supply chain vulnerabilities and age verification processes. The incident has sparked extortion demands and raised concerns for Australian users.
Japan's largest brewer, Asahi Group Holdings, has confirmed a ransomware attack by the Qilin group, resulting in production shutdowns and the theft of 27GB of corporate data.
Oracle has issued an emergency patch for a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite. The Clop ransomware group has been exploiting the flaw to steal executive data and launch widespread extortion campaigns affecting thousands of organisations globally.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
