Cyber incident information & updates
To our valued clients, partners and interested community members,
CatholicCare has become a victim of a data breach incident and I wholeheartedly apologise that this has happened.
Please continue to refer to this page of our website for the latest information. This is an unfolding situation and we commit to being as transparent as possible with the known facts as forensic IT investigations continue.
Newest updates will be posted at the top.
Personal letters sent to all affected individuals
Posted: 28/02/2023 1:00 pm
We can confirm that all personal letters have now been mailed to all individuals directly impacted by this data breach, via Australia Post.
If you have not received a letter from CatholicCare specifically informing you that your personal details were illegitimately accessed, it is most likely that you were not impacted by this data breach.
We once again thank you for your continued patience and understanding. We are deeply sorry that this incident has taken place and are committed to further strengthening our cyber security position where ever possible.
Letters soon to arrive with impacted individuals
Posted: 22/02/2023 2:00 pm
Anyone whose data was caught up in this incident will receive a personal letter from CatholicCare Central Queensland within the next 10 business days.
It has taken us some time to get to this point as each letter is unique and specific to the person it is addressed to. Each letter (of which there are just under 200) outlines specifically which pieces of personal information were accessed for each individual.
The letters will be distributed via Australia Post to the mailing address that we have on our system for each person.
Indications at the end of last year suggested that this incident may have impacted around 300 people, however, we now know that number is slightly less than 200.
If you do receive a letter indicating that you are an impacted person, there are suggested steps you can take to protect yourself. If the letter notes that your Customer Centrelink number was accessed, we are recommending:
- Contacting Centrelink to inform them that your data may have been compromised as a result of a data breach, so that they can assist you to protect your identity. Centrelink’s Scam and Identity Theft Helpdesk may be contacted:
- Change your passwords to any financial services.
- Do not reuse passwords.
Our cyber security team is also liaising with Centrelink in the event there is anything more that can be done to assist.
Taking the above steps will reduce negative consequences, as far as reasonably possible. Should you require further assistance, we are strongly encouraging you to contact IDCARE which can provide further support: https://www.idcare.org/support-services/individual-support-services or by phoning toll free in Australia on 1800 595 160.
Based on the latest information from our forensic IT team, we now know:
- An illegitimate third party gained unauthorised access to our systems using a set of credentials which enabled them to deploy ransomware (it remains unknown how these credentials were obtained).
- The third party first accessed our systems in late September 2022 and then encrypted certain systems on 6 November 2022.
- On 7 November 2022, we became aware of the breach due to our systems becoming unresponsive and a ransom note message appearing on our systems.
- We commenced forensic investigations immediately by engaging cybersecurity experts. These experts have confirmed that some data was taken from our systems to the third party's systems.
As mentioned in our last update just before Christmas, we have retained a cybersecurity firm to monitor activity on the dark web and identify whether any information is published. Over the past month, no evidence has been found that any information has been posted online. We intend to continue this monitoring for some months and will update any individual who is identified as a result of it.
Forensic IT Report received / hardening our cyber security position
Posted: 23/12/2022 4:00 pm
CatholicCare has now received the preliminary report from the forensic IT experts engaged to investigate the data breach incident.
It has been established that the information of fewer than 300 clients has been caught up in this incident. We now turn our attention to beginning the process of notifying those people individually and directly. This will take some time; however, we are aiming to complete this task within the next eight weeks.
It is important to note that CatholicCare is also well underway with implementing a number of recommendations which came out of the report, in order to further strengthen our cyber security position.
We are enhancing our 'geoblocking' security measures, which only allow logons to our systems from the limited set of countries from which our people need to log in. We are also further limiting remote access methods, and we are performing comprehensive additional cross checks to ensure that all software installed on our servers and workstations, our applications, and our other hardware is up to date with the latest patches available from vendors.
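As an illustration of the kind of check the geoblocking and remote-access restrictions above make possible, the following is an added example and is not CatholicCare's own tooling. It reviews successful remote logon records against a country allowlist and a remote-access method allowlist, and separately lists users who appear from more than one country. The log format, the field names (user, src, country, method, result), the allowlists and the sample records are all constructed for the example.

```python
"""Review remote logon records against country and access-method allowlists.

Added example only; the record format, field names, allowlists and sample
records below are constructed and are not from any real environment.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable

# Assumptions for the example: staff legitimately log in only from these
# countries, and only the VPN remains as a permitted remote-access method.
ALLOWED_COUNTRIES = {"AU", "NZ"}
ALLOWED_METHODS = {"vpn"}


@dataclass(frozen=True)
class Logon:
    ts: str
    user: str
    src: str
    country: str
    method: str
    result: str


def parse_logon(line: str) -> Logon:
    """Parse one constructed 'timestamp key=value ...' record."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return Logon(
        ts=ts,
        user=fields["user"],
        src=fields["src"],
        country=fields["country"].upper(),
        method=fields["method"].lower(),
        result=fields["result"].lower(),
    )


def review(
    lines: Iterable[str],
    allowed_countries: set[str] = ALLOWED_COUNTRIES,
    allowed_methods: set[str] = ALLOWED_METHODS,
) -> list[dict]:
    """Return one finding per successful logon that violates either allowlist.

    Only successful logons are examined: the question here is what got in,
    not what was attempted. Note the limitation: a valid stolen credential
    used over the VPN from an allowed country passes both checks, so this
    complements multi-factor authentication rather than replacing it.
    """
    findings: list[dict] = []
    for line in lines:
        if not line.strip():
            continue
        logon = parse_logon(line)
        if logon.result != "success":
            continue
        reasons = []
        if logon.country not in allowed_countries:
            reasons.append(f"country {logon.country} not in allowlist")
        if logon.method not in allowed_methods:
            reasons.append(f"remote-access method {logon.method} not permitted")
        if reasons:
            findings.append(
                {"ts": logon.ts, "user": logon.user, "src": logon.src, "reasons": reasons}
            )
    return findings


def users_with_multiple_countries(lines: Iterable[str]) -> dict[str, list[str]]:
    """Map each user who logged in successfully from more than one country
    to the sorted list of those countries; a cheap signal for credential reuse
    by someone other than the account owner."""
    seen: dict[str, set[str]] = {}
    for line in lines:
        if not line.strip():
            continue
        logon = parse_logon(line)
        if logon.result == "success":
            seen.setdefault(logon.user, set()).add(logon.country)
    return {user: sorted(c) for user, c in seen.items() if len(c) > 1}


# Constructed sample records (documentation/test address ranges only).
SAMPLE_LOGONS = [
    "2022-09-27T22:14:03Z user=j.smith src=203.0.113.7 country=AU method=vpn result=success",
    "2022-09-28T03:12:45Z user=svc_roster src=198.51.100.23 country=NL method=rdp result=success",
    "2022-09-28T03:15:10Z user=svc_roster src=198.51.100.23 country=NL method=rdp result=failure",
    "2022-09-29T08:02:51Z user=a.nguyen src=192.0.2.45 country=AU method=rdp result=success",
    "2022-09-29T09:40:00Z user=j.smith src=203.0.113.9 country=NZ method=vpn result=success",
    "2022-09-30T01:11:37Z user=j.smith src=198.51.100.77 country=NL method=vpn result=success",
]

if __name__ == "__main__":
    for finding in review(SAMPLE_LOGONS):
        print(finding)
    print(users_with_multiple_countries(SAMPLE_LOGONS))
```

Run against the constructed records, the review flags the service account logging in over RDP from outside the allowlist, a staff account using a no-longer-permitted method from inside it, and a staff account appearing from a disallowed country; the second function shows that same staff account spread across three countries in four days.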
Critically, since our last update on this page, we have engaged the services of an organisation specialising in dark web monitoring. This is a proactive step that means we will be alerted if any information from the breach is published there. At this stage, there is no evidence that this has occurred.
Relevant authorities officially informed
Posted: 17/11/2022 11:44 am
CatholicCare can now confirm it has formally notified the Office of the Australian Information Commissioner, the Australian Cyber Security Centre, Queensland Police, as well as other relevant government departments in relation to the data breach incident.
Investigations are ongoing and we are expecting to receive our first major forensic IT report in the coming days. We expect it to contain more specific information (i.e. which data has been accessed and who is affected). This will then put us in a position to be in direct contact with anyone whose personal information has been caught up in this incident.
We continue to thank you for your patience and would like to again reassure you we are committed to a best practice approach in the handling of this unfortunate incident.
Investigations so far show no signs that data has been removed
Posted: 10/11/2022 3:36 pm
We would like to ensure our clients and the broader community are aware that investigations so far show no signs that our data has been removed from the CatholicCare IT environment. Furthermore, nothing indicates our data has been copied or stolen.
What we know at this early stage is that a third party has gained access to particular IT servers (associated with our aged care and disability services only) and encrypted our data, which in effect means we cannot access that data at present (i.e. it is locked down). This type of situation is quite different in nature to what has reportedly happened to Optus and Medibank.
Our forensic IT and cyber experts are working around the clock to categorically conclude what has happened in our situation.
We commit to keeping you informed as more details are known.
CatholicCare, alongside our highly skilled external consultants, is working as quickly as possible to ascertain precisely whose data is involved in this data breach, and we will naturally be contacting those people directly.
Confirmation of Data Breach Incident
Posted: 09/11/2022 3:00 pm
Following thorough investigations into a recent system outage experienced across our organisation, we can now regretfully confirm that CatholicCare Central Queensland has been the victim of a data breach incident.
We take your wellbeing, including the protection of your data and personal information, very seriously and we wholeheartedly apologise to you that this has happened.
Immediately after discovering the system outage on Monday 7 November 2022, we shut down our aged care and disability IT servers out of an abundance of caution. We also engaged forensic IT experts and a specialist cyber incident response firm to ensure that we did and continue to do everything that we possibly can to mitigate the risks associated with this breach.
We are in the process of notifying all relevant government authorities of this incident.
This data breach involves our aged care and disability service functions specifically.
There is no indication that client data relating to the following services has been impacted:
- Domestic and family violence support
- Family support services
- The Family Relationship Centre
Together with our cyber consultants, we are working around the clock to ascertain specifically whose data has been caught up in this unfortunate incident, as well as which data might be affected.
We will directly contact you if you are impacted by this data breach.
We would like to assure you that we are not cancelling, restricting, or reducing services. While we are continuing to run services, the IT system which handles our rostering has been impacted and our team is manually scheduling services in the short-term. As you would expect, this method is not as efficient as our regular technology solutions. We have set up a dedicated phone line that you can use to notify us if a carer does not arrive to your scheduled service.
If you have previously opted into our text message service, you should have received a text message notifying you of that dedicated phone line. If you have not received that text message, the dedicated phone number to call is (07) 4977 4122.
We are deeply sorry this has taken place. We commit to keeping you informed and supported as more details become available. We appreciate your patience.
System outage – we’re working on it
Posted: 07/11/2022 10:41 am
We’re sorry! We are currently experiencing a system outage that is affecting our ability to access our service scheduling system appropriately.
Unfortunately, this will cause some disruption to all in-home client services.
At this stage, our counselling and family support services remain unaffected.
We apologise for any inconvenience that this outage causes and sincerely thank you for your patience.
We will continue to provide updates to you as they become available.