Anglicare Cyber Incident
Section updated: 06/07/2021
As we reported on our website in September last year (here, here and here), Anglicare became aware in late August 2020 of a cyber incident in which our computer network was the subject of a ransomware attack by cyber criminals.
Our investigations have now concluded.
In short, we have established that the incident resulted in unauthorised access to two of our file servers. However, while our forensic investigations found some evidence of information being exfiltrated (i.e. stolen or taken from our systems), we were unable to find definitive proof as to what information, if any, was in fact exfiltrated or otherwise viewed.
Nevertheless, out of an abundance of caution, and to minimise any possible risk of harm, we have written to potentially affected individuals for whom we have contact details, to inform them of the incident, to let them know what steps we have taken, and what further steps we recommend they take with our assistance.
The purpose of this notice is to more broadly inform the community of the incident including bringing the incident to the attention of potentially impacted individuals who we have not been able to contact.
In late August 2020, Anglicare's computer network was the subject of a ransomware attack by cyber criminals. As soon as we became aware of this attack, we took our impacted systems offline, satisfied ourselves (with the help of experts) that there was no longer any ongoing threat, and then started to remediate and restore our systems.
After a detailed investigation, including by external forensic investigators, it was found that there had been unauthorised access to seven of Anglicare's computer servers, including two file servers that contained personal information.
Since then, we and our experts have undertaken a thorough review of all the information held on those two file servers. That data was 'unstructured', making the task a complex one. It has therefore taken some time to determine the kinds of information held and the individuals potentially impacted.
Ultimately, we were unable to find definitive proof as to any particular information being accessed or taken. Pleasingly, despite our regular monitoring online, we have not seen evidence of any data being leaked.
Steps taken in response
Despite the inconclusive evidence, out of an abundance of caution, and to minimise any potential harm, we have written to potentially impacted individuals for whom we have contact details to inform them of the incident, to let them know what steps we have taken, and what further steps we recommend they take with our assistance.
We have also formally reported the incident to the Office of the Australian Information Commissioner, as well as the Australian Cyber Security Centre and the NSW Police Force (Cybercrime Squad reference E75817938).
We have sought to use the incident as an opportunity to continue to improve and strengthen our information and network security. We are doing everything reasonably possible, going forward, to protect information relating to our staff, clients, customers, residents and other stakeholders.
Have I been impacted?
If you are concerned that you may have been affected by this incident but you have not yet been contacted by us, or if you need more detail about the incident, we have set up a support line for you to contact: 1300 111 278 or firstname.lastname@example.org.
Our support line staff will be able to tell you whether or not you are impacted by the incident and, if you are, point you in the right direction for further assistance.
We have also updated our FAQ page, which can be accessed here.
Section updated: 28/10/2020
Anglicare Sydney updates you into the recent cyber-attack on Anglicare’ security and data systems.
Significant progress has been made since our last update in September. Two separate sets of expert teams have undertaken forensic work and are nearing the end of their investigations. They have confirmed there is no ongoing threat or unauthorised access to our systems. They have also been able to narrow the focus of the investigation by ruling out certain systems which were not affected.
The next stage of the investigation is determining what information may have been impacted. The complexity of this work means it will take a number of weeks, for which we have engaged a specialist third party to undertake a detailed analysis of potentially impacted data.
While we work to finalise the investigations, we encourage everyone to continue good cyber security practices, including being cautious of telephone or email scams and not giving out personal information to people you don’t know as a precaution.
Section updated: 15/09/2020
In the interests of keeping all our stakeholders informed, Anglicare provides the following update on the security systems breach we announced on 2 September 2020.
As noted in our previous announcement, on Monday 31 August at 1.00am, a cyber security incident was first detected. This involved a ransomware attack targeting a range of Anglicare’s information systems and servers. We are aware that a number of other organisations across NSW and Australia have also recently been subject to similar cyber-attacks.
Anglicare took immediate steps to isolate and block the unauthorised access to our systems. We quickly notified relevant State and Federal authorities and are continuing to work closely with external partners including cyber security experts to restore our systems. We have also increased cyber security measures across the organisation. A detailed investigation into the incident, including forensic investigations to clearly identify what information may have been accessed, has been initiated.
At this time, it remains unclear whether or not any personal information has been accessed and we are working to determine this as quickly as possible. In the event that we determine personal information has, or is likely to have been, accessed, we will inform affected individuals in accordance with our commitment to privacy and other obligations to clients, staff and other stakeholders.
To keep informed about the latest scams, visit www.scamwatch.gov.au. For facts sheets and information to help prepare, prevent, detect and respond to cyber related issues, visit www.idcare.org/learning-centre. For advice and information about how to protect you, your family and your business online visit www.cyber.gov.au.
If you do have specific questions about this incident, please contact email@example.com.
We will provide more detailed information following these investigations and update the website accordingly.
Further News and Media Releases
Statement from Anglicare Sydney - 2 September 2020
Statement from Anglicare Sydney - 19 September 2020