Orders Against Unknown Persons – a development in Australian data breach litigation

It is sometimes taken for granted in a data breach response that there is no utility in suing threat actors who are unknown and often located overseas in jurisdictions not amenable to cross-border litigation. However, the recent decision of the Supreme Court of New South Wales in HWL Ebsworth Lawyers v Persons Unknown [2024] NSWSC 71 demonstrates that there can be grounds to sue unknown threat actors – and sometimes it may be necessary for a party to take injunctive steps to protect its claims of confidentiality.

The HWLE Data Breach

The facts of the HWLE data breach are well-known. In April 2023, a group named AlphV or Blackcat accessed HWLE’s servers and exfiltrated 3.6 terabytes of data comprising 2.4 million files. The data included client files belonging to 65 government agencies and departments (including Home Affairs and Defence), major banks, insurers and numerous ASX-listed companies. The threat actors then attempted to ransom HWLE and on 9 June 2023 published some of the stolen data on the dark web.

The Proceedings

On 12 June 2023, the Court granted interlocutory relief against the threat actors as a class of “those persons who carried out or participated in the unauthorised exfiltration of…

Full article available on Disputes +

Latest insights

More Insights
featured image

Bird & Bird marks World Children’s Day by announcing its forthcoming Global Comparative Guide to Children in the Digital World

7 minutes Nov 20 2024

Read More
power station

UK Supreme Court grants anti-suit injunction and re-affirms Enka upholding parties’ agreement to arbitrate

Nov 20 2024

Read More

Dutch Mass Claims Litigation – Has the WAMCA failed to deliver its promise to high-risk litigation funders or is it yet too soon to tell?

Nov 15 2024

Read More