National Disability Insurance Scheme (NDIS) participant information has been exposed after a major data breach.

A hacking incident that targeted HWL Ebsworth - a law firm providing legal services to the National Disability Insurance Agency (NDIA) - occurred in April.

Certain NDIS participants, along with their families, caregivers, and staff, have now been confirmed to be impacted by this breach, which has ignited concerns about data safety and the agency's response time.

Russian cybercriminals claimed responsibility for the hack and allegedly posted over 1 terabyte of stolen data on the dark web in June.

The law firm, due to its contractual association with NDIA, had access to sensitive participant data. Questions were raised about the extent of participant data exposure during the breach. 

After a prolonged wait, the NDIA has recently acknowledged the breach's impact on individuals associated with the NDIS. 

However, details remain limited, causing significant distress within the disability community. 

The NDIA, which is responsible for NDIS operations, says it is collaborating with HWL Ebsworth to determine the extent of data exposure and the breach's consequences. 

Greens Senator Jordon Steele-John says privacy safeguards must be enhanced, alongside regulating the sharing of participants' data with third parties.

The NDIA has information about how to protect personal information on its website.