Data hack hits thousands of ambos
A rogue employee is suspected of hacking the private financial data and personal details of thousands of Victorian ambulance staff.
Police are investigating a massive data breach at Ambulance Victoria after the private financial and personal data of up to 3000 employees was hacked.
The Australian can reveal emergency services chiefs called in Victoria Police and Australian Federal Police on Friday amid fears the security breach had compromised the personal files of thousands of staff.
The prime suspect is a rogue member of staff who recently left the service, but transferred the trove of personal data while they still had access to the ambulance computer system.
Staff names, email accounts, home addresses, mobile and home phone numbers, and emergency contact details are among the looted personal data.
Bank account details, superannuation accounts and Australian Taxation Office numbers of thousands of employees is also believed to have been taken in the hack in which staff gender, birth date, nationality and residency status were also compromised.
Ambulance Victoria chief executive Andrew Crisp alerted staff to the data breach in Friday, in a letter headed “unauthorised transfer of Ambulance Victoria files containing staff personal information”.
“Investigations are ongoing and if appropriate, may proceed to prosecution,” he told staff.
“Ambulance Victoria’s data security systems detected the unauthorised transfer of files containing personal and financial information of AV staff by a now-former employee on their last days of service.
“AV acted immediately to take action to secure and delete those files as well as notifying Victoria Police, the Australian Federal Police and other relevant state and federal cyber and data security agencies.”
Victoria Police has confirmed an investigation is under way.
“Detectives from the cybercrime squad are assessing a report of a data breach affecting a Victorian emergency service organisation,” a police spokesman said.
“Inquiries are under way to determine the circumstances and impact of the incident.”
Ambulance Victoria has been approached for comment.
In his letter, Mr Crisp said staff would be allocated a case manager to help them deal with the impact of the hack and he warned staff to be “vigilant” in moving to secure the personal information in the wake of the security breach.
He said Ambulance Victoria had ordered a review of internal security of computer files and was increasing internal systems to detect suspicious activity.
“We have worked diligently to identify and contain the breached data caused by this incident,” he wrote. “We are continuing to co-operate with relevant regulatory authorities to assist them to undertake a thorough investigation.”
In addition to calling in police, Ambulance Victoria has notified the Victorian Information Commissioner, the Office of the Australian Information Commission-er, the ATO and the Australian Cyber Security Centre.
“While we have been taking, and will continue to take, steps to help reduce any impact to you resulting from this incident, we strongly recommend you also regularly monitor your online services accounts and transaction history for any unauth-orised activity,” Mr Crisp wrote.
Ambulance Victoria has advised staff to review their security settings to protect their information, including updating passwords, enabling two-factor authentication and be on alert for phishing attempts.
More Coverage
Add your comment to this story
Princess of pop’s newest crowning
Two months after beginning her world tour here, Melbourne-born pop singer-songwriter Kylie Minogue will soon be honoured with one of the top accolades in Australian music.
Greens in turbo-charged blitz to sandbag their seats
Adam Bandt will this week embark on a blitz of the Brisbane seats won by the Greens in 2022, with the party set to make a flurry of multibillion-dollar announcements.
To join the conversation, please log in. Don't have an account? Register
Join the conversation, you are commenting as Logout