Russian hackers have successfully breached a data firm used by hundreds of Australian businesses and government agencies, resulting in the details of tens of thousands of Australians being auctioned off on the dark web.
ZircoDATA and the federal government have begun the process of determining what data was compromised from more than 200 Australian organizations affected by the February breach.
On Friday it was revealed that hackers accessed 4,000 confidential Monash Medical Center documents and the electronic profiles of 60,000 Melbourne Polytechnic students.
Among the leaks from Monash Medical Centre, Queen Victoria Hospital and Southern Health were archived documents relating to family violence and sexual support units in Melbourne’s east between 1970 and 1993.
National Cyber Security Coordinator Gen. Michelle McGuinness said Friday the government was working closely to identify the scope of the attack.
In February ZircoDATA said in a statement that an “unauthorized third party” accessed its systems after hackers said they had done so on the dark web.
The web publication of the well-known cybernetwork Black Basta details an auction of the stolen information, which prompted an AFP investigation.
The federal government is working with Victorian data company ZircoDATA, which suffered a data breach in February (file image).
Among the stolen documents were 4,000 archived records from Monash Medical Center relating to sexual violence in Melbourne’s east.
Following the February 22 publication and subsequent investigation, Ms McGuinness said on Friday that “the impact for most government entities is likely to be minimal”.
“(We) are still in the process of working with ZircoDATA to identify affected data and victims, and we have yet to begin notifying affected individuals,” he said.
Monash Health said it is verifying the identities of those compromised before contacting them so as not to inadvertently expose them to retaliation from hackers.
Executive Director Professor Eugine Yafele told the age that he was assisting in the investigation and was sorry to those who have been affected.
“It is of utmost importance to us to provide support to those who may be affected by this breach,” he said.
“We are deeply disappointed to be in this position and understand the distress this may cause affected customers.”
Yafele said his teams were working “tirelessly” to identify those affected by the hack, which McGuinness said was especially concerning as some stolen files were linked to sexual violence.
“This is a worrying development for those who have been affected, or believe they may have been, by this exposure,” Ms. McGuiness said in X.
ZircoDATA is still trying to determine the full list of affected individuals and organizations and in the meantime, Monash Health has launched a website and a hotline for those who fear their documents have been stolen.
National Cyber Security Coordinator Gen. Michelle McGuinness said Friday the government was working closely to identify the scope of the attack.
The federal government is working with ZircoDATA and organizations affected by the hack to determine who is affected.
Melbourne Polytechnic revealed that hackers had also accessed the enrollment information of 60,000 past and present students, collected and stored by ZircoDATA.
CEO Frances Coppolillo said the hackers recovered “low-risk identity attributes,” including names, student ID numbers, addresses at the time of enrollment and dates of birth.
“Melbourne Polytechnic apologizes unreservedly to everyone affected by this incident,” Coppolillo said in a statement.
“We have contacted all current students affected and are trying to contact previous students, many of whose contact details may have changed in the last 10 years.”
In Black Basta dark web posts boasting about the hack the group claimed to have accessed 395 gigabytes of ZircoDATA files, which included scans of passports, individual immigration identifiers and other sensitive documents.
Another group, Crypmans, also allegedly breached ZircoDATA systems in January.
The AFP launched an investigation into the breach after a well-known cybernetwork announced an auction of the stolen data on the dark web on February 22 (stock pictured).
Cybersecurity company Cyble tracks known hacker groups and scours the dark web for information and alerts about company breaches and has confirmed that it was assisting multiple companies affected by ZircoDATA breaches.
Cyble’s Kapil Barman said he wasn’t sure if the hacks were related but that they both used the same thing. vulnerability to enter ZircoDATA systems.
Cybersecurity manager at Risk Associates, which also works with Cyble, Sameer Pradhan, told the publication that it had identified 191 Australian organizations affected by the attacks.
On Saturday, the Department of the Interior confirmed its investigation into the matter.
The department could not confirm who was responsible for the attacks or which government agencies were affected.
The CSIRO said it had not been notified of any exposure through the breach and the The Australian Pesticides and Veterinary Medicines Authority did not respond to questions. Both are listed as ZircoDATA clients.
Information Commissioner Sean Morrison has confirmed that his office will “continue to monitor the incident and… will receive updates as necessary.”
