Regional Express subsidiary, Judo Bank caught in HWL Ebsworth breach

A Regional Express (Rex) subsidiary and Judo Bank have named themselves as having potential exposure to the HWL Ebsworth data breach.

Rex on Monday issued a statement, saying its exposure is indirect: HWL Ebsworth acted as lawyers for a client of Rex.

“The incident resulted in the theft of data relating to confidential exchanges between Rex’s subsidiary and its client," the airline said.

“As far as Rex is aware, Rex Airlines is not affected, and no passenger details have been compromised.”

The airline is awaiting “evaluation of the documents that have been stolen” to determine the impact on its interests, and has put both HWL Ebsworth and the unnamed client “on notice”.

The other organisation to go public is Judo Bank.

In its statement, Judo Bank says it was an HWL Ebsworth client “for a short period”.

“Judo Bank has provisionally, and where required, contacted our customers and employees who we understand may have been impacted by this incident," it said.

“Judo Bank is continuing to work with HWL Ebsworth to ensure affected individuals are formally notified under the notifiable data breaches scheme."

Customers who have not been contacted are not impacted by the breach, the bank said.

Threat actor ALPVH/BlackCat group claimed responsibility for the attack and in June published about 1.4TB of exfiltrated data.

Organisations previously going public as victims include the government of Tasmania, the Fair Work Ombudsman, and the NDIA.

More than 40 government agencies are reportedly affected. 

In early July, cyber security coordinator Air Marshal Darren Goldie said a “number” of federal government agencies were affected, so there may be more announcements to come.