By Jessica McSweeney, Riley Walter and Frances Howe
NSW Attorney-General Michael Daley has told victims of domestic violence, including children, to take extra precautions while waiting to find out whether their data has been leaked in a breach involving 9000 sensitive court documents.
Daley said anyone who felt their safety or security had been threatened should call the police straight away.
“When we work out exactly whose accounts were compromised, [the Department of Communities and Justice] will proactively contact those account holders and advise them of what has happened and what the next steps should be,” he said.
Cybercrime detectives are investigating a “major data breach” of the NSW court website.Credit: Bloomberg
The breach, which was discovered last week during maintenance and referred to the NSW Police State Crime Command’s Cybercrime Squad on Tuesday, affected the NSW Online Registry Website, an online platform that gives access to information from both civil and criminal cases in the NSW court system.
Apprehended violence orders and affidavits were included in the breach and police said the leaked documents may include information about child victims.
Attorney-General Michael Daley.Credit: Dion Georgopoulos
Daley said it was unknown exactly what data was accessed, or whether it was downloaded or just viewed. However, none had appeared online, on the dark web or in the public domain.
“We don’t know what they’ve done with the data yet, we just know that there’s 9000 files that appear somehow to have been accessed,” Daley said, adding it would take police “about a week” to identify the hacker.
“The experts have been looking through the dark web and employing other techniques ... to work out what may have happened with the data.”
Daley said a hacker had gained access to the data through a registered user’s account before department cybersecurity staff suspended the account. Suspicious activity stopped immediately after the account was suspended, Daley said.
At 8pm on Wednesday, the system was repaired and secured.
“The government’s taking this seriously because this is a system that stores public data securely,” he said.
Detective Chief Superintendent Jason Smith of the cybercrime squad said neither the identity of the hacker – including whether it is a foreign actor – nor the origin of the breach, were known.
Smith also said people with safety concerns should contact local police.
The leak of documents relating to AVO applications could compromise the safety of the protected person, said Samantha Lee, the supervising solicitor at Redfern Legal Centre.
“There’s a drastic concern around the safety of the protected person. People certainly are apprehensive to give statements in terms of AVO proceedings and would be absolutely distraught to find out that information may have become public,” she said.
Such documents could include the names and addresses of victims and offenders and, potentially, detailed accounts of alleged offending, Lee said.
“There’s so much private personal safety information put onto the court registry. There needs to be absolute certainty to guarantee privacy ... otherwise the trust in that system will quickly erode.”
Start the day with a summary of the day’s most important and interesting stories, analysis and insights. Sign up for our Morning Edition newsletter.