14th October 2025 Cyber Update: WA Legal Board Discloses Data Breach

Update: This month the Legal Practice Board of Western Australia (LPBWA) has begun notifying legal practitioners that their personal, financial, and health information was compromised in a ransomware attack that occurred in May 2025. The breach was carried out by the Dire Wolf ransomware group, a relatively new but aggressive threat actor that emerged in May and has since targeted organisations globally. The group claims to have stolen 300 gigabytes of data from the LPBWA.

While the board initially disclosed a limited data leak in May, a comprehensive investigation has now confirmed that the scope of the breach is larger than first understood. The LPBWA has stated it is continuing to assess the full extent of the compromised data and has secured an injunction to prevent any dissemination of the stolen information. Online services that were disrupted by the attack are being restored, with manual workarounds in place for processing practising certificates.

Why it Matters: This incident highlights the significant and growing threat to the legal sector, which holds a treasure trove of sensitive client and practitioner data. The five-month delay between the initial attack and the full disclosure of the breach’s scope raises serious questions about the challenges organisations face in understanding and responding to sophisticated cyber attacks.

The targeting of a government regulatory body also demonstrates the vulnerability of critical professional institutions. For legal practitioners, the compromise of personal, financial, and health information poses a significant risk of identity theft and fraud. The incident serves as a stark reminder for all professional bodies to strengthen their cyber defences and incident response plans.