Technology

Potential personal data breach of about 900 people after Scouts Victoria hacked

Potential personal data breach of about 900 people after Scouts Victoria hacked

Hackers have potentially gained access to the personal data of almost 1000 people after a privacy breach at Scouts Victoria.

Scouts Victoria confirmed it had notified about 900 individuals throughout September regarding “unauthorised activity” targeting their email system.

The organisation said in a statement it had been identified that third parties had gained access to staff email inboxes in late July and early August this year most likely using the scamming technique known as phishing.

It said an extensive forensic investigation and security review was completed that found people associated with Scouts Victoria may have potentially had their data accessed by an unauthorised third party.

Scouts Victoria said the data accessed included names, phone numbers, residential addresses, email addresses, date of birth details and birth certificates, credit card information, bank details, tax file numbers, drivers’ licences, passports, passwords, Medicare cards and Australian Electoral Commission information.

Scouts Victoria said it had already taken steps to make sure it didn’t happen again.

It said it had also notified relevant government authorities, including the Office of the Australian Information Commissioner and the Department of Human Resources.

“We take our privacy obligations very seriously and are investing significant resources into investigating the source of the incident,” Scouts Victoria said in a statement.

“Our IT team identified and blocked the unauthorised activity to protect information held on our systems.

“We engaged digital forensic and cyber security experts to investigate the incident and the data involved.

“The investigation found that correspondence relating to a number of individuals associated with Scouts Victoria is among the data potentially accessed by unauthorised third parties.”

Scouts Victoria said all individuals directly affected by the data breach had been contacted and it would work with them to address any concerns.

[email protected]