Cybersecurity Without Insanity? It could be as simple as 3 – 2 – 1…

This week: Australia’s largest law partnership is attacked, Capita faces a legal battle, and UK banks want social media platforms to pay for online fraud.


3 – Documents from Australia’s largest law partnership have been stolen by cyber attackers.

HWL Ebsworth, one of Australia’s largest law firms, has been the victim of a cyber attack, resulting in over 3TB of data being stolen by the attackers.

The firm has said that it became aware in late April of a post on the dark web claiming that its data had been stolen by a cyber criminal. On the 9th of June, it became aware that some of the data had been published online. According to a report in The Guardian, over 3TB of data was stolen, of which over 1TB has now been made public.

Key takeaway: Incidents like this one should give us more than enough motivation to check our defences.


2 – Capita faces legal claims after recent cyber attack.

According to a report in The Register, a law firm representing 250 individuals has issued a Letter of Claim to Capita, arising from what the law firm believes may be “the biggest data breach the country has ever experienced”.

According to a recent report by The BBC, “Capita is used by a large number of public and private organisations and they handle the personal information of millions of people”. As a result of a cyber attack on Capita in March, 90 of its UK clients had to report data breaches to the UK’s data protection regulator. Capita has said it expects the cost of the clean-up from the attack to be GBP £20 million. And it is now facing legal action by those impacted by the breach.

Key takeaway: I’ll repeat myself: Incidents like this one should give us more than enough motivation to check our defences.


1 – UK banks aren’t happy with tech firms

UK banks are pushing for social media companies to “do more to stop online fraud that originates from their websites and services”, warning that the UK was “a global hotspot for fraud and scams”.

According to a recent report on Computer Weekly, “scams such as authorised push payment (APP) fraud occur when consumers are tricked into making payments to fraudsters through platforms such as fake websites and messages, which often emanate from social media”. This type of fraud totalled almost USD $800m in the UK in 2021 alone, and banks frequently have to foot the bill.

Key takeaway: UK banks are pushing the UK government to get tech firms to pay for the online frauds that they say are facilitated by online platforms. I feel sorry for Meta, the owner of Facebook and Instagram. With profits of a measly USD $5.7 billion in the first quarter of 2023, how could it possibly pay to make its platforms safer for its (products) customers?

PS I talk about these news stories, and delve into how to manage cyber risks and regs without losing your sanity, on the “Cybersecurity Without Insanity” podcast.
All episodes are accessible from
or wherever you get your podcasts.