Canberra, Oct 25
Personal data, including passport and visa information, has been compromised in a cyber attack on a data firm contracted by Australia's Department of Home Affairs.
News Corp Australia newspapers reported on Friday that data from the Department of Home Affairs, which oversees Australia's law enforcement, national security, emergency management, immigration and cyber security, was exposed in a January cyber attack on Australian firm ZicroDATA, Xinhua news agency reported.
Australian visa holders who used the department's Free Translating Service (FTS), which is run by a subsidiary of ZicroDATA, were advised by a recent departmental alert that their visa application, full names, phone numbers, dates of birth, driver's licenses, and passports were compromised in the breach.
The data was first listed on the dark web in February but the Department of Home Affairs said it was only notified in July that the dataset included documents obtained by the government from people who accessed FTS between 2017 and 2022.
The departmental Cyber Security Incident alert issued to FTS clients instructed them not to attempt to search the dark web for the data, warning that doing so could lead to further potential harm.
A spokesperson for the department told News Corp Australia newspapers that they were working with ZicroDATA to notify impacted clients and advise them on steps they can take to protect their information.
"The department has prioritised accuracy to ensure all relevant details are communicated clearly to those impacted and to put in place the necessary remedial support services, in agreement with ZircoDATA," they said.
Public healthcare provider Monash Health in May revealed it was affected by the ZicroDATA breach, with archived data relating to family violence and sexual assault support units dating from 1970 to 1993 compromised.
The national cyber security coordinator, Michelle McGuinness, said in a statement on May 3 that she was coordinating a response from federal, state and territory governments to the ZicroDATA incident.
"While work is ongoing, it is clear this breach has also affected other government entities who are clients of ZircoDATA," McGuinness said at the time.
She said that the National Office of Cyber Security would work with government entities to identify and notify victims.