The handling of personal information held by HWL Ebsworth Lawyers is being investigated by the Office of the Australian Information Commissioner.

On May 8 last year, the firm – which is known to manage litigation on insurance claims – reported that a cyberattack had compromised the data of hundreds of motor injury insurance claimants, many private sector clients and 65 public entities.

The attack involved ransomware and the publication of stolen data on the dark web.

The watchdog is now investigating the firm’s security and protection of personal information, and its notification of the data breach to affected individuals.

If Commissioner Angelene Falk finds interference with the privacy of individuals has occurred, HWL Ebsworth may be required to redress any loss or damage.

If serious or repeated interference with the privacy of individuals is found, she may seek civil penalties from the Federal Court of Australia.

The government co-ordinated assistance for HWL Ebsworth for 16 weeks after the breach.

The Insurance Commission of WA says it is working with more than 300 affected motor injury insurance claimants, while NSW state insurer icare has said about 800 of its customers may have been affected.

The Notifiable Data Breaches scheme in the Privacy Act specifies that organisations take reasonable steps to inform affected individuals as soon as practicable.