Select Page

Incident: UPDATE NDIA data breach claimed to impact 11,000 “records” | iTnews

Incident: UPDATE NDIA data breach claimed to impact 11,000 “records” | iTnews

Australian Insider Threat, 29 November 2023

National Disability Insurance Agency NDIA data breach claimed to impact 11,000 “records”

NDIA staffer charged with leaking participants’ data, acting NDIA provider also arrested

Company Breach Information: 28 November 2023 NDIA detects data breach
Company Media Release: 28 November 2023 Two charged following fraud investigations

Source: NDIA data breach claimed to impact 11,000 “records” | iTnews
Source: NDIA staffer charged with leaking participants’ data | iTnews

Featured Breach Series: HWL Ebsworth Lawyers

View more incidents relating to Insider Threats, and other Australian National Disability Insurance Scheme incident reports.

The National Disability Insurance Agency (NDIA) staffer charged in connection with a data breach is alleged to have shared around 11,000 “records” with at least one service provider associated with the scheme.

Update Jan 19 2004: 644 NDIS users not told which medical records leaked, seven months after HWL Ebsworth hack | iTnews
Almost 650 National Disability Insurance Scheme (NDIS) participants and prospective participants have still not been told which of their health records were leaked on the dark web in June last year.

NDIA was also caught up in the HWL Ebsworth breach this year, which exposed information recorded in dozens of federal agencies’ systems earlier this year.

NDIA is the government organisation that implements and manages the NDIS National Disability Insurance Scheme, which is the scheme that provides funding and services for people with disabilities, their families and carers.

Government services minister Bill Shorten stated “It appears … the charge is that this person is alleged to have provided about 11,000 records, not all participants, to providers.”

He noted it was “not a cyber breach” of the agency, but instead a case of insider threat.

Some of the information disclosed on participants included “full name, date of birth, gender address, including postcode,” but that “in a small number of cases … further details [were] disclosed.”

The agency also did not disclose when it first detected the unauthorised disclosure of participants’ of the National Disability Insurance Scheme (NDIS). Saying it “believes this incident is financially motivated” and that all impacted individuals would be directly contacted by the NDIA.

NDIS Statement

 


About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.

More Australian News

Unfolding in real time: Artificial intelligence is reshaping cybersecurity

Key takeaways The cybersecurity capability of next-generation frontier artificial intelligence (AI) models is increasing rapidly. Large language … [...]

NSW Government Bulletin: Managing employee social media content in the public sector

Over recent years, the increase in social media activity across different platforms has facilitated opportunities for employees to comment on a broad … [...]

Australia: Pixel Perfect – The regulator addresses use of tracking pixels

On 11 June 2026, the Office of the Australian Information Commissioner (OAIC) published two determinations against Medmate Australia Pty Ltd (Medmate) … [...]

Discover how modern corporate investigations are shifting from email to chat and encrypted apps. Learn essential strategies for defensible forensic… [...]

Australian Cyber Aware - As It Was 2606 - June 2026

This monthly review provides a curated summary of Australian and New Zealand cyber, privacy, and information security developments identified during … [...]

Key Trends in Cyber Security and Data Privacy (2026): a General Counsel lens - Governance Institute of Australia

Cyber security and data privacy are now core governance tests – demanding clear decision-making authority, disciplined escalation and evidence that … [...]

OAIC ordered to turn over Amex privacy determination in full

Australia’s privacy watchdog has been told to turn over full details of an investigation into American Express that uncovered security and access … [...]

How to stay cyber secure: Australia’s top cyber agency releases Privileged User Training video series

The new training series offers a pathway for IT professionals to strengthen their cyber security skills and better understand cyber criminal … [...]

NSW Rural Fire Service admits security incident

The NSW Rural Fire Service (RFS) is investigating a cybersecurity incident after a hacker gained access to its information and communications … [...]

Scams surge as cybercrime falls

Cybercrime declined in Australia last year, but fraud and scams bucked the trend and victims have given up complaining, the Australian Institute of … [...]

Generation Life confirms customers impacted in April cyber incident

Aussie investment firm Generation Life has confirmed that customer data was impacted in a cyber attack it suffered back in April. • Fri, 26 Jun 2026 • … [...]

In wake of KPMG scandal, government considers splitting accounting firms' auditing and consulting arms

Accounting firms could be asked to split their lucrative consulting services from their audit functions and individual firm partners could face far … [...]

Shares
Share This

Discover more from Australian Cyber Aware

Subscribe now to keep reading and get access to the full archive.

Continue reading