Australian Information Security Incident Reported: December 30 2019

Anglicare Sydney 4 laptops stolen from office by unknown parties

Files and emails may contain detailed personal and medical information

Source: Data breach notification 30 Dec, 2019 | Anglicare Sydney

Date First Posted: 30 Dec, 2019 (Reposted from Anglicare Sydney Website)

In accordance with our Privacy obligations, we are informing you of an incident involving an unauthorised entry into Anglicare Sydney – Telopea office on 10 November 2019 resulting in 4 staff laptops being stolen by unknown parties. On Monday 11 November 2019, our staff immediately reported this incident to the Police.

In response to this incident, Anglicare Sydney staff immediately changed their user passwords and the affected computer accounts were disabled so that the Anglicare Sydney network will not be accessible from these laptops via any method. We have also been identifying the nature of any information potentially still accessible from the laptops.

Based on the information provided by the Police regarding the circumstances of the unauthorised entry, we understand it is most likely the laptop hard drives have been wiped for the purposes of selling the laptops. However, there is still a possibility of unauthorised access to personal information on the hard drive and in emails dating back to November 2018. Some of these emails may contain personal information, such as: dates of birth, home addresses, phone numbers, email addresses, court documents, financial information, medical information, Medicare/Centrelink information, driver licence number, passport number, family history and religious affiliation.

We have undertaken a review of our processes and are implementing additional security measures to protect data on staff laptops going forward.

Although we think it is most unlikely that personal information will be accessed on the laptops, we recommend you remain alert to any contact from unknown third parties or any suspicious activity.