The government agency tasked with monitoring privacy breaches from cyber attacks has itself been hacked – and failed to notify Australians who may have had their information compromised.
The Office of the Australian Information Commissioner has had data stolen by the Russian criminal ransomware gang known as BlackCat, or ALPHV. The data was stolen through legal firm HWL Ebsworth, of which the OAIC is a client, according to a report by The Australian.
As The Australian points out, any firm that believes it has been compromised is required to inform the OAIC under the Notifiable Data Breaches scheme, and notify potential victims within thirty days.
The OAIC itself has so far failed to do this regarding its own hack. In a statement, it denied its own systems have been compromised, but admitted data it provided to the legal firm has been.
“The OAIC can confirm that it is a legal client of HWL Ebsworth,” the spokesperson said.
“We have also been recently informed that some material provided to the firm has been compromised as a result of the cyberattack.
“The OAIC is in active dialogue with HWL Ebsworth to understand what information has been compromised.
“Consistent with requirements of the Notifiable Data Breaches scheme, any affected individuals will be notified.”