Page up to date: 28/10/2020
Anglicare Sydney updates you into the recent cyber-attack on Anglicare’ security and data systems.
Significant progress has been made since our last update in September. Two separate sets of expert teams have undertaken forensic work and are nearing the end of their investigations. They have confirmed there is no ongoing threat or unauthorised access to our systems. They have also been able to narrow the focus of the investigation by ruling out certain systems which were not affected.
The next stage of the investigation is determining what information may have been impacted. The complexity of this work means it will take a number of weeks, for which we have engaged a specialist third party to undertake a detailed analysis of potentially impacted data.
While we work to finalise the investigations, we encourage everyone to continue good cyber security practices, including being cautious of telephone or email scams and not giving out personal information to people you don’t know as a precaution.
15/09/2020
In the interests of keeping all our stakeholders informed, Anglicare provides the following update on the security systems breach we announced on 2 September 2020.
As noted in our previous announcement, on Monday 31 August at 1.00am, a cyber security incident was first detected. This involved a ransomware attack targeting a range of Anglicare’s information systems and servers. We are aware that a number of other organisations across NSW and Australia have also recently been subject to similar cyber-attacks.
Anglicare took immediate steps to isolate and block the unauthorised access to our systems. We quickly notified relevant State and Federal authorities and are continuing to work closely with external partners including cyber security experts to restore our systems. We have also increased cyber security measures across the organisation. A detailed investigation into the incident, including forensic investigations to clearly identify what information may have been accessed, has been initiated.
At this time, it remains unclear whether or not any personal information has been accessed and we are working to determine this as quickly as possible. In the event that we determine personal information has, or is likely to have been, accessed, we will inform affected individuals in accordance with our commitment to privacy and other obligations to clients, staff and other stakeholders.
To keep informed about the latest scams, visit www.scamwatch.gov.au. For facts sheets and information to help prepare, prevent, detect and respond to cyber related issues, visit www.idcare.org/learning-centre. For advice and information about how to protect you, your family and your business online visit www.cyber.gov.au.
If you do have specific questions about this incident, please contact privacy@anglicare.org.au
We will provide more detailed information following these investigations and update the website accordingly.
Statement from Anglicare Sydney - 2 September 2020
Statement from Anglicare Sydney - 19 September 2020