Cyber incident investigation
The Legal Practice Board (the Board) experienced a cyber incident in late May 2025 which resulted in some of our systems being taken offline, including our online website services.
Since this time, the Board has worked to restore and ensure the security of our systems, implement temporary manual workarounds where needed, and fully investigate the incident and potential data access. We would like to assure you that the incident was swiftly contained, and we have implemented a range of measures to prevent risk of reoccurrence.
Following a comprehensive investigation, the Board has determined that some additional data was accessed by the third party, beyond the small amount of information disclosed in May which was communicated at the time and swiftly removed from the web within 24 hours following takedown efforts. Please note, no additional information relating to the Board has been disclosed.
The Board has undertaken a detailed review to determine what information may have been accessed, and during October and November issued notifications advising individuals in relation to involved identity, health or financial information. Following completion of its review, the Board has commenced issuing final notifications to a limited number of individuals in relation to other personal information that has been identified as involved in the incident.
If you do not receive a notification by email or post, there is no action you need to take.
More information about notifications to individuals and the support options available are provided below, along with further details on the incident response, information relating to online services and the manual processing of practising certificates.
Incident background
On 21 May 2025, the Board experienced a cyber incident involving unauthorised access to a portion of our IT environment.
As soon as the incident was detected, a response team was quickly mobilised, and work began to ensure the security and integrity of the Board’s systems. The incident was quickly contained, and a range of measures to prevent reoccurrence were implemented. The Board also implemented some temporary manual workarounds for its services while restoration works were underway.
While initial investigations were underway, the Board obtained an injunction to prevent any access, dissemination or sharing of data impacted by the incident. This injunction remains in place.
On 27 May 2025, the third party responsible for the incident disclosed a small amount of data online which was removed within 24 hours following our takedown efforts. The disclosed data contained some limited contact information, some operational and resourcing information and bank account details for the Board, and a very small number of individuals who were directly notified.
The third party threatened to disclose more data on 15 June 2025. On 19 June and 20 November 2025, the third party published some data, claiming it related to the Board. The Board reviewed this data and confirmed that this data did not relate to the Board. The Board has not detected any further activity since this time and dark web monitoring remains in place.
The Board has been working with the relevant government agencies and law enforcement bodies in response to the incident, including the Office of Digital Government Western Australia, the Office of the Australian Information Commissioner (OAIC), the Western Australian Information Commissioner, the Western Australia Police Force and the Australian Cyber Security Centre (ACSC).
Following a detailed review to help determine what other information may have been accessed, the Board is now issuing final notifications to individuals to provide tailored guidance and support options relevant to the data involved for them. If you do not receive a notification by email or post there is no action you need to take.
Further questions
We have provided some FAQs below which our practitioners and broader stakeholders may find helpful. Any questions about the incident should be directed to our 24/7 helpline on 08 7070 2413 or to incident@lpbwa.com
Previous correspondence to our practitioners
- 3 December 2025
- 1 October 2025
- 18 September 2025
- 15 August 2025
- 1 August 2025
- 25 July 2025
- 10 July 2025
- 3 July 2025
- 1 July 2025
- 27 June 2025
- 26 June 2025
- 19 June 2025
- 17 June 2025
- 13 June, 2025
- 4 June, 2025
- 28 May, 2025
- 27 May, 2025
FAQs
Operational frequently asked questions
Practising certificates
Following the introduction of some interim manual workarounds while systems were being restored, we are very close to completing the distribution of renewed practising certificates directly to practitioners via email.
There remain some practitioners who need to complete payment or provide further information for their application to be processed. If you believe you have submitted your application, but have not received confirmation from us of receipt, please contact the Enquiries team on (08) 6211 3600.
I need proof of my practising certificate application
If you believe you have submitted your application, but have not received confirmation from us of receipt, please contact the Enquiries team on (08) 6211 3600.
There’s an issue with my invoice
If you have any queries about an invoice that requires modification, please contact enquiries@lpbwa.com so our team can help with a resolution.
I received two practising certificates – which one should I use?
If you submitted your application online on or after 9 May 2025, and have received a practising certificate, you may receive an email providing you with a re-issued certificate and new certificate number. This is a result of our system restoration works.
If you receive an email with a re-issued practising certificate, please disregard the 2025-26 practising certificate you received earlier in May, and use the new one as your valid Australian practising certificate effective 1 July 2025.
I’m wondering about late fees
We understand that the manual workarounds implemented as a result of the recent cyber incident caused inconvenience for some practitioners, and we apologise for the disruption caused.
Recognising this, the Board waived the usual late fees that apply for lodging a renewal application in June. Late fees resumed as usual on Tuesday 1 July 2025.
If you have any concerns about an invoice that requires modification, please contact enquiries@lpbwa.com so our team can help with a resolution.
Will I be certificated on 1 July 2025?
If you lodged an application with the Board to renew your practising certificate before 30 June 2025, your certificate expiring on 30 June 2025 will remain in force until your renewal application is determined.
Is the Admissions portal working?
The online Admissions portal reopened on our website on Thursday 19 September. Applicants for the December admission ceremony and following are required to submit their applications through the online portal.
If you have any questions about the admission process, please contact us on 08 6211 3600 or by email at enquiries@lpbwa.com
What is the status of CPD activities on the Service Hub?
All CPD related functions are again available via the Service Hub, with the last of the functions having been brought back online mid-October.
If you have any queries with regard to CPD requirements (including exemptions or applications for accreditation), you can refer to the Board’s website, or contact us at enquiries@lpbwa.com
I need to contact/find a practitioner
Our Find a Practitioner search tool is currently unavailable. This will be restored shortly as more system functionality is brought back online.
In the interim, please contact the Board on (08) 6211 3600 or enquiries@lpbwa.com and we can run a manual search of the system for you.
Cyber incident frequently asked questions
What was the initial date of the incident?
We took some systems offline on Wednesday 21 May following detection of unusual activity on our network. We became aware of disclosure of a small amount of our data on Tuesday 27 May, which was removed within 24 hours following takedown efforts.
We have not detected any disclosure of any further Board data since this time.
What data is involved?
Some limited corporate correspondence was disclosed on Tuesday 27 May. Our review of this disclosed dataset found this correspondence did not contain sensitive personal information. The correspondence contained:
- minimal contact information;
- some operational and resourcing information; and
- bank account details for the Board and a very small number of third parties who have been directly notified.
Following a comprehensive investigation, the Board has determined that some additional data was accessed by the third party beyond the small amount of information disclosed in May.
The Board has undertaken a detailed review to determine what information may have been accessed and notified individuals in relation to involved identity, health or financial information over October and November. Following completion of this review, the Board has commenced issuing final notifications to a limited number of individuals in relation to other personal information that has been identified as involved in the incident.
While this information was subject to unauthorised access by the third party responsible for the cyber incident, we have reason to believe that they no longer possess any Board data. We also have not detected any misuse of this information.
In the unlikely event that the third party still holds Board data, we have obtained an injunction to prevent any access, dissemination or sharing of data involved in this incident.
Will I receive a notification letter?
The Board has commenced issuing final notifications to a limited number of individuals in relation to other personal information that has been identified as involved in the incident.
These notifications are being sent by email and post. If you have not received a notification by email or post there is no action you need to take.
Has more data been disclosed?
We are aware the third party who disclosed a small amount of data in May (which was removed within 24 hours following takedown efforts) threatened to release more data on 15 June 2025.
On 19 June and 20 November 2025, the third party published some data, claiming it related to the Board. We can confirm that this data did not relate to the Board.
We have not detected any further activity since this time or any further disclosure of any of our data. Monitoring continues and if disclosure occurs, we will respond appropriately.
We are also aware of media claims alleging the sale of the Board’s data to a member of the legal profession. We have investigated this and have found no evidence to substantiate these claims.
What does the injunction do?
We have been granted an injunction to prevent any access, dissemination or sharing of data involved in this incident. Any attempt to access this data may be in contravention of this court order.
Whose data was involved?
The Board has undertaken a detailed review to determine what information may have been accessed and notified individuals in relation to involved identity, health or financial information during October and November. Following completion of this review, the Board has commenced issuing final notifications to a limited number of individuals in relation to other personal information that has been identified as involved in the incident.
Each notification statement outlines the support services available which are specific and tailored to the data involved for each individual.
Important - If you do not receive a notification statement by email, or post, there is no action you need to take.
What support is available for potentially affected individuals?
We have a 24/7 helpline available on 08 7070 2413 to help address any further questions or concerns you may have.
Alternatively, if you have specific concerns about the cyber incident which relate to your specific circumstances, please email the incident response team on incident@lpbwa.com so they can provide further guidance and support.