Overview
- Both parties issued near-identical statements on July 17 warning that a June 23 ransomware attack may have exfiltrated internal data records.
- They still cannot determine which emails, attachments and confidential documents were stolen and say notifying individuals is impractical.
- Exposed information could include email addresses, phone numbers, banking details, identity files and employment histories.
- Systems are being secured and recoverable data restored from backups as the Office of the Information Commissioner and Australian Signals Directorate review the breach.
- Privacy lawyers say new statutory tort claims for serious invasions of privacy could expose the parties despite their exemption from the Privacy Act.