The work details of 30,000 Australian public servants in the state of Victoria have been stolen in a recent data breach. The breach took place when the Victorian Government directory was accessed and downloaded by an unauthorized person. The directory is available to public servants and contains work details such as work emails, job description, and work contact numbers.
Government employees who were potentially affected by the data breach were told in an email that their mobile phone numbers may have also been accessed if they had been entered into the directory. However, no banking or financial information was affected by the breach.
“Because of this incident, you may experience increased phishing, spam, and social engineering attempts via your work email address and telephone numbers. As always, you should be aware of these risks and remain vigilant when it comes to unsolicited communications via email and telephone,” the email read, ABC reported.
Suelette Dreyfus, a researcher in cybersecurity and privacy at the University of Melbourne, said while no highly private or sensitive information had been stolen, the dataset as a whole could be valuable for a more targeted attack. The researcher added that the dataset could be useful for any individual trying to influence government decision making.
"If you take even small snippets of information and you aggregate them into a dataset, you can then get an image of the entire State Government because you know all the different people, their positions, their phone numbers … and you can figure out where the power centre is and who you would target if you were going to try to hack someone's email," Dr Dreyfus said.
"Whether that's for commercial reasons about winning a contract or whether you were an international state player who might have an interest — financial or policy-wise — all of these types of people could be advantaged by the information that was actually hacked," she said.
What immediate actions were taken?
The Premier's Department said that it had reported the incident to the police department, the Australian Cyber Security Centre, and the Office of the Victorian Information Commissioner for investigation.
“The Government will ensure any learnings from the investigation are put in place to better protect against breaches like this in the future,” a spokesperson for the department said in a statement.