April 15, 2021


Connecting People

Scouts Victoria data breach potentially nets 900 people’s personal details – Security

Scouts Victoria has notified approximately 900 people whose private details may have been accessed by third functions when workers email inboxes had been breached.

The data breach, which Scouts Victoria claimed was “most likely” the consequence of a phishing attack, was determined by the organisation’s IT staff in July and August this calendar year.

Scouts Victoria claimed that it engaged electronic forensic and cyber security professionals to investigate the incident and data associated in the breach immediately after the IT staff to begin with determined and blocked the unauthorised activity.

The “extensive” investigation discovered that sensitive facts together with household addresses, credit history card facts, driver’s licence figures, birth certificates, legal heritage facts and court docket orders may have been accessed.

The data was saved as portion of correspondence in between Scouts Victoria and “a range of individuals” connected with the organisation.

“We have contacted people who we know may have been right affected by this incident and will proceed to get the job done with them to tackle their fears,” Scouts Victoria claimed in a statement.

The Office environment of the Australian Data Commissioner (OAIC) and Companies Australia had been also notified of the breach.

Scouts Victoria claimed the organisation has considering the fact that “taken actions to make sure that incidents like this really do not reoccur”.

“We take our privateness obligations pretty severely and are investing significant assets into investigating the supply of the incident.

“While all affected customers have been notified, we motivate everyone who has questions to call Scouts Victoria and we can tackle any fears they may have.”

The adhering to facts was determined in workers correspondence, and may have been accessed in the breach:

The data that we observed relating to people bundled:

  • Initial identify
  • Very last identify
  • Cellular phone range
  • Email tackle
  • Household tackle
  • Day of Birth (DOB)
  • Credit history card facts (entire)
  • Credit history card facts (partial)
  • Tax File Number (TFN)
  • Financial institution details (BSB and account range)
  • Financial institution card
  • Driver’s licence
  • Passport
  • Other authorities-issued ID (i.e. Photo card)
  • Doing the job with kids card
  • Birth certification
  • Australian Electoral Commission facts
  • Medicare card
  • Password
  • Signatures (handwritten)
  • Delicate legal heritage facts
  • Scouts membership range
  • Court docket orders (together with pertaining to parenting)

The Australian Competitiveness and Customer Commission’s Scamwatch has obtained almost 24,000 experiences of phishing cons in Australia so significantly this calendar year, about 4200 of which had been noted in August.