
Big 4 banks caught in HWL Ebsworth hack


The four, made up of ANZ, Commonwealth Bank, National Australia Bank and Westpac, revealed themselves as customers of HWL Ebsworth, whose systems were breached in early May, leading to the theft of approximately 4 terabytes of data.

Of the four, NAB is the only bank to confirm that its data was exposed after hackers from the ALPHV (also known as BlackCat) threat group behind the attack posted online that they had stolen data from it.

“We are aware that HWL Ebsworth, a law firm engaged by NAB for some legal services, has been affected by a cyber attack,” a bank spokesman said.


The bank added that while data held by HWL Ebsworth may have been compromised, its own systems remained secure.

“NAB's systems were not affected and remain secure. We are working with HWLE as they continue to receive more information in relation to the content of these questions.”

The other three banks all said they were working with HWL Ebsworth to determine exactly what data was exposed and whether any of their customers' data was at risk.

“ANZ is aware of the HWL Ebsworth (HWLE) cyber incident. ANZ's systems are not affected,” ANZ said in a statement.

“ANZ is a client of HWLE on some legal matters.

"We are working with HWLE and others to understand and address the potential exposure and will be contacting directly those employees and customers who may have been affected and should be notified."

The big four banks join several other major institutions as victims of the hack, with over 40 government agencies and departments, including several cyber security bodies and authorities such as the Office of the Australian Information Commissioner (OAIC) and the Australian Federal Police (AFP), having been affected.

According to CyberCX Director of Cyber Intelligence and Public Policy, Kathryn Manstead, attacking high-profile targets such as large organizations and government is consistent with ALPHV's threat model of "hunting big game."

"They are one of the most prolific threats in Australia and have been for some time since they first appeared on the scene," she told The Australian Financial Review.

“We have observed them compromise at least 14 Australian organizations and many of them are in the professional services sector.

“It was quite deliberate about the targets it attacked; professional services in a sector that ALPHV assesses as having quite sensitive information that may put it at risk.”

Ms Manstead added that ALPHV was the first threat group seen to publish stolen data on the public internet, rather than the dark web, in an attempt to maximize the damage caused by the disclosure of stolen data.

While the ransomware demands are currently unknown, HWL Ebsworth said it is refusing to pay the hacking group what it wants.

“We take our ethical and moral obligations to the community very seriously. We believe we have a fundamental civic duty not to in any way encourage or be seen as condoning the criminal activity of extorting money by taking and threatening to publish other people's data,” the law firm told the ABC.

“The privacy and security of our customers' and employees' data remains paramount. We recognize and understand the impact this can have and are communicating closely with our customers.”
