Select Page

Incident: UPDATE NDIA data breach claimed to impact 11,000 “records” | iTnews

Posted by | Nov 29, 2023 | , , , , , , , | 0 |

Incident: UPDATE NDIA data breach claimed to impact 11,000 “records” | iTnews

Australian Insider Threat, 29 November 2023

National Disability Insurance Agency NDIA data breach claimed to impact 11,000 “records”

NDIA staffer charged with leaking participants’ data, acting NDIA provider also arrested

Company Breach Information: 28 November 2023 NDIA detects data breach
Company Media Release: 28 November 2023 Two charged following fraud investigations

Source: NDIA data breach claimed to impact 11,000 “records” | iTnews
Source: NDIA staffer charged with leaking participants’ data | iTnews

Featured Breach Series: HWL Ebsworth Lawyers

View more incidents relating to Insider Threats, and other Australian National Disability Insurance Scheme incident reports.

The National Disability Insurance Agency (NDIA) staffer charged in connection with a data breach is alleged to have shared around 11,000 “records” with at least one service provider associated with the scheme.

Update Jan 19 2004: 644 NDIS users not told which medical records leaked, seven months after HWL Ebsworth hack | iTnews
Almost 650 National Disability Insurance Scheme (NDIS) participants and prospective participants have still not been told which of their health records were leaked on the dark web in June last year.

NDIA was also caught up in the HWL Ebsworth breach this year, which exposed information recorded in dozens of federal agencies’ systems earlier this year.

NDIA is the government organisation that implements and manages the NDIS National Disability Insurance Scheme, which is the scheme that provides funding and services for people with disabilities, their families and carers.

Government services minister Bill Shorten stated “It appears … the charge is that this person is alleged to have provided about 11,000 records, not all participants, to providers.”

He noted it was “not a cyber breach” of the agency, but instead a case of insider threat.

Some of the information disclosed on participants included “full name, date of birth, gender address, including postcode,” but that “in a small number of cases … further details [were] disclosed.”

The agency also did not disclose when it first detected the unauthorised disclosure of participants’ of the National Disability Insurance Scheme (NDIS). Saying it “believes this incident is financially motivated” and that all impacted individuals would be directly contacted by the NDIA.

NDIS Statement

 

Rate:

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Related Posts

Audit: Victoria audit warns of weak IT controls in council systems | iTnews

Audit: Victoria audit warns of weak IT controls in council systems | iTnews

February 27, 2023

Incident: Vic councils’ after-hours call answering service breached – iTnews

Incident: Vic councils’ after-hours call answering service breached – iTnews

April 22, 2024

Incident: Prime Minister Scott Morrison’s office accidentally leaks talking points for MPs to journalists | ABC News (Australia)

Incident: Prime Minister Scott Morrison’s office accidentally leaks talking points for MPs to journalists | ABC News (Australia)

October 7, 2019

Incident: Email bungle at Australian Traffic Network seeking jobkeeper payments exposes staff’s personal details | The Guardian

Incident: Email bungle at Australian Traffic Network seeking jobkeeper payments exposes staff’s personal details | The Guardian

April 23, 2020

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.

More Australian News

Exclusive: Prime Properties listed as breach victim by M3rx ransomware
Exclusive: Prime Properties listed as breach victim by M3rx ransomware

Hackers are alleged to have stolen more than 80,000 documents totalling 100 gigabytes of data from a Sydney-based property investment firm. • Fri, 01 … [...]

Alert! Wave of fake toll, parking scams impacting countries worldwide, including Australia and New Zealand
Alert! Wave of fake toll, parking scams impacting countries worldwide, including Australia and New Zealand

Scammers observed impersonating Aussie toll operator Linkt and the New Zealand Police and Ministry of Justice. • Wed, 29 Apr 2026 • … [...]

NZ council cyber attack leads to ID and financial data being exposed
NZ council cyber attack leads to ID and financial data being exposed

A cyber attack impacting a New Zealand city council has compromised the data of hundreds of people. • Wed, 29 Apr 2026 • Security *]:clear-none … [...]

Exclusive: NSW-based Strata Republic allegedly breached by Kairos ransomware group
Exclusive: NSW-based Strata Republic allegedly breached by Kairos ransomware group

Hackers claim to have stolen 441 gigabytes of data, including internal correspondence, driver’s licence scans and revealing Christmas party photos. • … [...]

Exclusive: Gelatissimo confirms unauthorised access, investigates DragonForce hack claims
Exclusive: Gelatissimo confirms unauthorised access, investigates DragonForce hack claims

Major Australian ice-cream retailer Gelatissimo has launched an investigation into claims made by hackers that the company was breached in a … [...]

Most Australians leaving data open to cybercriminals
Most Australians leaving data open to cybercriminals

Two-thirds of Australians are sharing key information that makes them easy targets for scammers and cyber criminals. The new research from the Department of Home Affairs also found more than [...]

NSW Treasury staffer charged over major data breach | 7NEWS
NSW Treasury staffer charged over major data breach | 7NEWS

A 45-year-old New South Wales Treasury employee has been arrested and charged with accessing and downloading over 5,500 sensitive government documents containing confidential, commercial and financial information across multiple NSW [...]

Warning Anthropic's Mythos could pose cyber risk to banks and critical infrastructure | The Business
Warning Anthropic's Mythos could pose cyber risk to banks and critical infrastructure | The Business

Australian banks, power providers and infrastructure firms do not have access to test their systems against a powerful new AI cybersecurity risk, Anthropic's Mythos. Anthropic has claimed Claude Mythos is [...]

Australian Army research paper advocates for Australian national cyber reserve force, volunteer cyber organisations
Australian Army research paper advocates for Australian national cyber reserve force, volunteer cyber organisations

A newly published Australian Army Research Centre paper has highlighted the need for Australia to establish an Australian national cyber reserve … [...]

Generation Life informs customers of ‘cyber incident’ as owner shares incident with ASX
Generation Life informs customers of ‘cyber incident’ as owner shares incident with ASX

Australian investment firm Generation Life says there is no evidence of any unauthorised transaction, but is investigating a potential data breach. • … [...]

PAW 2026
PAW 2026

On this page Privacy Awareness Week 2026 Trust is built here. In every privacy complaint. In every resolution. Privacy Awareness Week (PAW) is an annual … [...]

RentTech platforms must stop unfair and excessive personal information collection, says Privacy Commissioner
RentTech platforms must stop unfair and excessive personal information collection, says Privacy Commissioner

A determination issued today by the Privacy Commissioner finds that the 2Apply rental technology platform, operated by InspectRealEstate (IRE), … [...]

Shares
Share This

Discover more from Australian Cyber Aware

Subscribe now to keep reading and get access to the full archive.

Continue reading