Date: May 2025

Location: Australia

Summary

The Legal Practice Board of Western Australia experienced a cyber incident that forced several of its systems, including its website services, to be taken offline while manual workarounds were put in place to maintain core functions such as processing applications and renewals for practising certificates. Investigation revealed that a small amount of corporate correspondence was accessed and disclosed, containing minimal contact details, some operational and resourcing information, and banking details for the Board and a limited number of third parties, with no trust information or residential addresses exposed. The organization has engaged external experts, obtained an injunction to prevent further dissemination of the affected data, and is cooperating with state cyber‑security authorities as it continues to assess the scope of the breach.

Description

On Wednesday 21 May 2025 the Legal Practice Board of Western Australia detected unusual activity on its network and promptly took several systems offline, including its online website services. The board continued to investigate the incident and on Tuesday 27 May 2025 confirmed that a small amount of information had been disclosed by an unknown third party. The disclosed data consisted of limited corporate correspondence containing minimal contact information, some operational and resourcing details, and bank account details for the board and a very small number of third parties who were directly notified. No trust information, residential addresses, or other sensitive personal data were found in the disclosed material.

As a result of the incident the board’s online payment system and website services remained unavailable, prompting the implementation of manual workarounds to continue processing applications and renewals for Australian practising certificates. Applications submitted through the website Service Hub were accepted up to 11:29 pm on 20 May 2025, after which practitioners were required to download a manual form, complete it, and email it to [email protected]. The board stated that it would contact applicants to arrange payment once online services or alternative payment facilities were restored, and that fees would be based on the date of application submission rather than the date of payment. Admissions ceremonies were confirmed to proceed, with the admissions team offering assistance via email to ensure all required documentation was provided.

To prevent further access, dissemination or sharing of the affected data, the board obtained an interim injunction from the court. It engaged external cyber‑security experts and worked closely with Cyber Security Western Australia, part of the Office of Digital Government in the Department of Premier and Cabinet, as well as other relevant authorities. The board established dedicated communication channels, including the [email protected] email address and a helpline at 08 7070 2413, and provided frequently asked questions and updates to practitioners. The board also confirmed that the disclosed banking details related to a very small number of third parties who had been directly notified.
