Victoria’s emergency services hit by massive personal data breach
Victoria Police will probe a massive data breach that has hit the state government, with the personal medical information of hundreds of staff circulating on the dark web.
National
Don't miss out on the headlines from National. Followed categories will be added to My News.
EXCLUSIVE: Victoria Police will probe a massive data breach that has hit the state government, with the personal medical information of hundreds of staff circulating on the dark web.
The breach, revealed by the Herald Sun last night, has been referred to police by the government today.
The Department of Premier and Cabinet confirmed this afternoon that multiple government agencies were caught in the breach.
MAJOR DATA BREACHES: CYBER THREAT IN AUSTRALIA GROWS
DATA SECURITY: BREACHES HAPPENING EVERY DAY
“The Department takes these issues seriously and is working with agencies to ensure data security is heightened to reduce the potential for any additional breaches,” a spokeswoman said.
Leading cyber security service IDCARE has also been tasked by the government to advise on “effective response and mitigation to the issue”.
The Herald Sun revealed last night at least 10 gigabytes of text-only information appears to have been stolen from state government networks, relating to agencies including the CFA, Emergency Management Victoria, Parks Victoria and the Department of Environment, Land, Water and Planning.
The data breach is understood to have taken place in October.
The Herald Sun contacted several affected agencies about the matter on November 7 but received blanket denials about cyber security issues.
But on Friday night, the Herald Sun became aware that some files stolen from inside the state government had become available on the open web.
More data was also circulating on the dark web — a hidden part of the internet surfed by hackers, where private information is often sold and traded.
Files seen by the Herald Sun include the names of thousands of emergency services personnel, including CFA volunteers and police officers.
Some of the data lists medical conditions they are suffering and how these ailments affect their duties. In some cases, people’s home addresses were detailed.
Information about the state’s critical infrastructure — including incident control centres and communications towers — is also believed to have been breached.
There is understood to be hundreds more files involved which the Herald Sun has so far been unable to access.
Agencies contacted by the Herald Sun earlier this month indicated they were not aware of any data breach.
At the time, a DEWLP spokesman said the agency had reviewed its cyber security systems after the Herald Sun’s inquiries and confirmed “there have been no reported data breaches”.
The spokesman had said an investigation would be carried out “to confirm whether any breach has occurred and seek to rectify any issues that are identified”.
As of Friday night, it is understood DEWLP and Parks Victoria had not identified a breach from their systems.
A CFA spokeswoman said they were investigating the issue and would implement “any security protocols necessary to ensure the protection of personal data”.
Originally published as Victoria’s emergency services hit by massive personal data breach
‘Angels’: Hero Coles workers save mum’s life
A mother of three has opened up on how her life was saved after she suddenly collapsed while doing a routine supermarket shop.
Wildlife and traffic fears over music festival
Wildlife advocates fear a weekend music festival in central Victoria will endanger native animals including rescued joeys.