Investigation into cyber incident – more information – Helpline 08 7070 2413

Cyber incident investigation 

The Legal Practice Board (the Board) experienced a cyber incident in late May 2025 which resulted in some of our systems being taken offline, including our online website services.

Since this time, the Board has worked to restore and ensure the security of our systems, implement temporary manual workarounds where needed, and fully investigate the incident and potential data access. We would like to assure you that the incident was swiftly contained, and we have implemented a range of measures to prevent risk of reoccurrence.

Following a comprehensive investigation, the Board has determined that some additional data was accessed by the third party, beyond the small amount of information disclosed in May which was addressed at the time.

The Board is undertaking a detailed review of this data and on Wednesday 1 October, 2025, commenced notifying individuals whose health, identity and financial information was involved. 

If you have not received a notification by email or post there is no action you need to take. Please note, emails may be sent to work or personal email addresses.

The Board is continuing to assess whether any other information was involved and will issue further notifications should this be required. This webpage will be updated when the data review and notifications are complete.  

Importantly, the Board considers there is a low risk of misuse of the data involved, based on the following factors:  

  • While the data was subject to unauthorised access by a third party responsible for the cyber incident, based on our investigation we have reason to believe that this third party no longer possesses any Board data. 
  • We have not detected any disclosure of Board data (other than a small amount of low-risk data in May which was communicated about at the time and impacted individuals notified directly). Other than this limited disclosure, we have not detected any misuse of Board data. Dark web monitoring continues and if disclosure occurs, we will respond appropriately. 
  • In the unlikely event that the third party still holds Board data, we have obtained an injunction to prevent any access, dissemination or sharing of data involved in this incident.
  • We are also aware of media claims alleging the sale of the Board’s data to a member of the legal profession. We have investigated this and have found no evidence to substantiate these claims. 
  • Despite these mitigating factors, we have invested significant effort in reviewing information that was accessed to identify the kinds of personal information involved, and where steps can be taken by individuals to protect against potential misuse.


More information about notifications to individuals and the support options available are provided below, along with further details on the incident response, information relating to online services and the manual processing of practising certificates.

Incident background

On 21 May 2025, the Board experienced a cyber incident involving unauthorised access to a portion of our IT environment.  

As soon as the incident was detected, a response team was quickly mobilised, and work began to ensure the security and integrity of the Board’s systems. The incident was quickly contained, and a range of measures to prevent reoccurrence were implemented. The Board also implemented some temporary manual workarounds for its services while restoration works were underway.

While initial investigations were underway, the Board obtained an injunction to prevent any access, dissemination or sharing of data impacted by the incident. This injunction remains in place. 

On 27 May 2025, the third party responsible for the incident disclosed a small amount of data online which was removed within 24 hours following our takedown efforts. The disclosed data contained some limited contact information, some operational and resourcing information and bank account details for the Board, and a very small number of individuals who were directly notified.

The third party threatened to disclose more data on 15 June 2025. On 19 June 2025, the third party published a link to some data, claiming it related to the Board. The Board reviewed this data and confirmed that this data did not relate to the Board. 

The Board has not detected any further activity since 19 June 2025 and dark web monitoring remains in place.

The Board has been working with the relevant government agencies and law enforcement bodies in response to the incident, including the Office of Digital Government Western Australia, the Office of the Australian Information Commissioner (OAIC), the Western Australian Information Commissioner, the Western Australia Police Force and the Australian Cyber Security Centre (ACSC).

Following a detailed review to help determine what other information may have been accessed, the Board is now notifying individuals to provide tailored guidance and support options relevant to the data involved for them.

Involved data 

The Board has identified that some data (beyond the small dataset disclosed on 27 May 2025) was subject to unauthorised access during the cyber incident. The Board has not detected any disclosure of this information. 

Additionally, while this data was accessed by the unauthorised third party responsible for the cyber incident, based on our investigation we have reason to believe that they no longer possess any Board data.  

Notifications to individuals

The Board is undertaking a detailed review of this data and has commenced notifying individuals whose health, identity and financial information was involved. If you have not received a notification by email or post there is no action you need to take.

The Board is continuing to assess whether any other information was involved and will issue further notifications should this be required. This webpage will be updated when the data review and notifications are complete.   

Each notification statement outlines the support services available which are specific and tailored to the information involved for each individual. 

Operational update

The Board has been working to restore systems as soon as possible and implemented temporary manual workarounds to ensure we continued to deliver key services, including processing applications and renewals for Australian practising certificates. More information on this is provided below.

Further questions

We have provided some FAQs below which our practitioners and broader stakeholders may find helpful. Any questions about the incident should be directed to our 24/7 helpline on 08 7070 2413 or to incident@lpbwa.com

Previous correspondence to our practitioners

FAQs

Cyber incident frequently asked questions

What was the initial date of the incident?

We took some systems offline on Wednesday 21 May following detection of unusual activity on our network. We became aware of disclosure of a small amount of our data on Tuesday 27 May, which was removed within 24 hours following takedown efforts.

We have not detected any disclosure of any further Board data since this time.

What data is involved?

Some limited corporate correspondence was disclosed on Tuesday 27 May. Our review of this disclosed dataset found this correspondence did not contain sensitive personal information. The correspondence contained:

  • minimal contact information
  • some operational and resourcing information
  • bank account details for the Board and a very small number of individuals who have been directly notified.

Following a comprehensive investigation, the Board has determined that some additional data was accessed by the third party beyond the small amount of information disclosed in May.

The Board is undertaking a detailed review of this data and has commenced notifying individuals whose health, identity and financial information was involved. If you have not received a notification by email or post there is no action you need to take.

The Board is continuing to assess whether any other information was involved and will issue further notifications should this be required. This webpage will be updated when the data review and notifications are complete.

While this information was subject to unauthorised access by a third party responsible for the cyber incident, we have reason to believe that they no longer possess any Board data. We also have not detected any misuse of this information. 

In the unlikely event that the third party still holds Board data, we have obtained an injunction to prevent any access, dissemination or sharing of data involved in this incident.

When will the data review be complete?

We are working as a priority to complete our review to confirm whether any other information was involved and if further notifications may be required. We anticipate this will be completed in November.

This webpage will be updated when the data review and notifications are complete.  

Will I receive a notification letter?

The Board has commenced notifying individuals whose health, identity and financial information was involved.

These notifications are being sent by email and post. If you have not received a notification by email or post there is no action you need to take.

We are working as a priority to complete our review to confirm whether any other information was involved and if further notifications may be required. We anticipate this will be completed in November. 

We anticipate that the need for further notifications will be limited. This webpage will be updated when the data review and notifications are complete.  

Has more data been disclosed? 

We are aware the third party who disclosed a small amount of data in May (which was removed within 24 hours following takedown efforts) threatened to release more data on 15 June 2025. 

On 19 June 2025, the third party published a link to some data, claiming it related to the Board. We can confirm that this data did not relate to the Board. 

We have not detected any further activity since this time or any further disclosure of any of our data. Monitoring continues and if disclosure occurs, we will respond appropriately. 

We are also aware of media claims alleging the sale of the Board’s data to a member of the legal profession. We have investigated this and have found no evidence to substantiate these claims. 

What does the injunction do? 

We have been granted an injunction to prevent any access, dissemination or sharing of data involved in this incident. Any attempt to access this data may be in contravention of this court order.  

Is my bank/trust account information involved?

If you have not been directly contacted by the Board in relation to your banking information, your banking information was not involved and there is no action you need to take.

I’m concerned about my bank account information 

The Board has undertaken a detailed review to determine what data was accessed during the incident and has commenced notifying individuals with data involved to provide guidance on how to respond.

If you have not been directly contacted by the Board in relation to your banking information, and have not received a notification statement by email, or post, there is no action you need to take.

If you have any queries, please email incident@lpbwa.com or call our helpline on 08 7070 2413.

Whose data was involved?

The Board has undertaken a detailed review to determine what data was accessed during the incident and has commenced notifying individuals whose health, identity and financial information was involved. 

Each notification statement outlines the support services available which are specific and tailored to the data involved for each individual. 

Important - If you have not received a notification statement by email, or post, there is no action you need to take.

What support is available for potentially affected individuals?

We have a 24/7 helpline available on 08 7070 2413 to help address any further questions or concerns you may have. 

Alternatively, if you have specific concerns about the cyber incident which relate to your specific circumstances, please email the incident response team on incident@lpbwa.com so they can provide further guidance and support. 

Operational frequently asked questions

Practising certificates

Following the introduction of some interim manual workarounds while systems were being restored, we are very close to completing the distribution of renewed practising certificates directly to practitioners via email. 

There remain some practitioners who need to complete payment or provide further information for their application to be processed. If you believe you have submitted your application, but have not received confirmation from us of receipt, please contact the Enquiries team on (08) 6211 3600.

I need to apply for a practising certificate

If you have not yet applied for your Australian practising certificate, please download and complete our application form, and return it to us by email on enquiries@lpbwa.com as soon as possible. 

I need proof of my practising certificate application

We have been directly responding to all practitioners who to date have submitted their application, to confirm receipt and that we have all the information we need. We have also now issued the majority of renewed practising certificates.

If you believe you have submitted your application, but have not received confirmation from us of receipt, please contact the Enquiries team on (08) 6211 3600.

When will I get my invoice?

Online invoices and payments for practising certificates are now available via the Service Hub on our website. Individual practitioners and firm representatives can now access invoices and make payment via the Service Hub.

Please note, you will be charged the fee that applied on the date your application was submitted, not the date of payment.

If you have any concerns about an invoice that requires modification, please contact enquiries@lpbwa.com so our team can help with a resolution.

How do I pay for my practising certificate application?

Individual practitioners and firm representatives can now access invoices and make payment via the Service Hub. 

For practitioners who have requested to be contacted regarding payment or who have not yet completed payment for their practising certificate, we request that you visit the Service Hub to access your invoice/s and complete payment.

For practitioners who have requested that their firm be invoiced for payment, please contact your Accounts team and if an invoice is required, this can be downloaded via the Service Hub. 

For practitioners who have completed payment, there is no further action required, and we are working to update invoices on the Service Hub.

There’s an issue with my invoice

If you have any queries about an invoice that requires modification, please contact enquiries@lpbwa.com so our team can help with a resolution.

I’ve received two practising certificates – which one should I use?

If you submitted your application online on or after 9 May 2025, and have received a practising certificate, you may receive an email providing you with a re-issued certificate and new certificate number. This is a result of our system restoration works. 

If you receive an email with a re-issued practising certificate, please disregard the 2025-26 practising certificate you received earlier in May, and use the new one as your valid Australian practising certificate effective 1 July 2025.

I’m concerned about late fees

We understand that the manual workarounds implemented as a result of the recent cyber incident caused inconvenience for some practitioners, and we apologise for the disruption caused.

Recognising this, the Board waived the usual late fees that apply for lodging a renewal application in June. Late fees resumed as usual on Tuesday 1 July 2025.

If you have any concerns about an invoice that requires modification, please contact enquiries@lpbwa.com so our team can help with a resolution. 

Will I be certificated on 1 July 2025?

If you lodged an application with the Board to renew your practising certificate before 30 June 2025, your certificate expiring on 30 June 2025 will remain in force until your renewal application is determined.

Is the Admissions portal working?

The online Admissions portal reopened on our website on Thursday 19 September. We thank you for your patience as we worked to restore this function.

Applicants for the December admission ceremony and following are now required to submit their applications through the online portal. If you have already lodged your hard copy application, you will not be required to resubmit it through the online portal.

If you have any questions about the admission process, please contact us on 08 6211 3600 or by email at enquiries@lpbwa.com

I can’t view/add CPD Activities to the Service Hub

CPD providers can again upload CPD activities to the Board's Service Hub. The remainder of CPD related functions will be available via the Service Hub shortly. In the interim, practitioners should continue to complete CPD activities through accredited CPD providers. Once the upload function becomes available, CPD activities can be uploaded and practitioners will be able to view their CPD activities.

If you have any queries with regard to individual CPD requirements (including exemptions or applications for accreditation), you can refer to the Board’s website, or contact us at enquiries@lpbwa.com 

I need to contact/find a practitioner

Our Find a Practitioner search tool is currently unavailable. This will be restored shortly as more system functionality is brought back online. 

In the interim, please contact the Board on (08) 6211 3600 or enquiries@lpbwa.com and we can run a manual search of the system for you.