Responding to a global cyber incident - Major Multinational Corporation

We advised a major multinational corporation on the legal issues arising from the MOVEit cyber attack, a global incident that affected at least 130 organisations and 15 million individuals.

Our solution

The attack had significant implications for the corporation beyond standard data breach response, including compliance obligations under Australia's security of critical infrastructure legislation in addition to reporting requirements under Australian privacy law.

We advised on the full range of legal issues and the practical implementation of solutions to enable the corporation to meet both its national security obligations and its privacy obligations. This included managing notifications to various governmental authorities and regulators, and advising on communications with potentially affected employees and individuals. These communications carried an added degree of complexity given the critical infrastructure implications of the attack.

Client outcome

Our client was able to navigate a complex, multifaceted incident with confidence, meeting its obligations under both the security of critical infrastructure framework and Australian privacy law. By addressing the interplay between national security and privacy requirements, the corporation fulfilled its reporting and notification obligations in a coordinated and timely manner, while managing sensitive communications with affected individuals appropriately.