NSW Reconstruction Authority reveals serious data breach
The NSW Reconstruction Authority (RA) announced over the long weekend a data breach involving personal information belonging to some people who applied for the Northern Rivers Resilient Homes Program (RHP).
The breach occurred when a former contractor of the RA uploaded data containing personal information to an unsecured AI tool (ChatGPT). The department says there is no evidence that any information has been made public; however, Cyber Security NSW will continue to monitor the internet and the dark web to see if any of the information is accessible online.
Although only notified this week, the department has revealed that the breach actually occurred between 12 and 15 March. Once the full scope of the breach was understood, RA says it took immediate steps to contain any further risk. Forensic analysts have been engaged, and a detailed investigation was launched to determine what was shared, what risks may exist and who was affected.
RA says it understands the news is concerning and has apologised for the distress it may cause for those who have engaged with the program, also saying that those affected will be contacted this week.
So far, there is no evidence that any of the uploaded data has been accessed by a third party.
The data involved was a Microsoft Excel spreadsheet containing 10 columns and over 12,000 rows of information. Every row is being carefully reviewed to understand what information may have been compromised.
Based on early forensic analysis, up to 3000 people may be potentially impacted.
At this stage, the information known to have been disclosed includes names and addresses, email addresses, phone numbers, and some personal and health information.
This process has been complex and time-consuming and RA has acknowledged that it has taken time to notify people, but says that within a week it will contact anyone impacted to confirm exactly what data was shared and offer personalised support.
The Reconstruction Authority says it understands the seriousness of this breach and is deeply sorry for the potential impact on people.
ACSC says to stay ahead of the quantum threat
The Australian Cyber Security Centre says that organisations need to be taking steps now to...
ASD and Splunk launch CTIS plug-in
The Australian Signals Directorate and Splunk have partnered to develop a plug-in that...
Genetec Security Center SaaS offers faster, smarter investigations
Intelligent automation capabilities in Security Center SaaS now help operators quickly locate...
