Share this article on:
Home Affairs has revealed that personal data has been compromised after threat actors breached a third-party firm used by the agency.
In February this year, Australian data management firm ZircoDATA was listed on the dark web leak site of the Black Basta ransomware gang, which claimed to have stolen 395 gigabytes of data, including financial documents, personal user folders, and confidentiality agreements.
Now, in a recent notification, the Department of Home Affairs has said that users of its Free Translating Service (FTS), which is run by The Migration Translators (TMT), a subsidiary of ZircoData, have had their data exposed.
Data compromised potentially includes users’ full names, dates of birth, mobile numbers, email addresses, visa details, including application numbers, visa grant numbers, delivery dates, and subclass numbers, driver’s licence data and passport information.
The Black Basta ransomware gang posted the data online in March, during which time ZircoDATA began its response and investigation into the incident, informing the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC).
In July 2024, ZircoDATA notified Home Affairs of the breach and that its data may have been compromised.
While Home Affairs confirmed its own systems were unaffected, it discovered that data stored by ZircoDATA had been accessed by cyber criminals.
Cyber Daily has reached out to the Department of Home Affairs for more information.
Home Affairs has not been the first entity affected by the ZircoDATA incident, with public healthcare provider Monash Health revealing that threat actors accessed sensitive data, including domestic violence information.
“Monash Health is aware that ZircoDATA, a Victorian-based company we used to scan archived historical documents, has experienced a data breach,” Monash Health said in an update on its website in May. “We were recently informed that Monash Health data was involved in this breach.”
“Investigation analysis indicates that the Monash Health information involved in the ZircoDATA data breach relates to a selection of archived data from the family violence and sexual assault support units at Monash Medical Centre, the Queen Victoria Hospital, and Southern Health, limited to the period from 1970 to 1993.”
On the same day, the National Cyber Security Coordinator released its own statement on the incident.
“ZircoDATA first publicly advised it had been impacted by a cyber incident in late February. Today, one of its impacted clients, Monash Health, has disclosed it has been affected by the incident,” the coordinator, Lieutenant General Michelle McGuinness, said in a statement.
“It is the responsibility of ZircoDATA to notify impacted clients, and the National Office of Cyber Security has been supporting it to do so.
“My team has been engaged with ZircoDATA on understanding and addressing the incident’s impacts since mid-March. The National Office of Cyber Security has been assisting ZircoDATA in ascertaining the full extent of the compromise and supporting both the organisation and its affected government clients to identify impacted victims and to meet their obligations to notify them.”
LTGEN McGuinness said that investigating the full extent of the breach is taking some time and that ZircoDATA was still working to establish the full list of victims involved in the data breach. LTGEN McGuinness also said that several government entities had been impacted by the breach.
“The majority of these entities are still in the process of working with ZircoDATA to identify impacted data and any victims and are yet to begin notifying impacted individuals. There are clear processes for ZircoDATA and the affected government entities to work through,” LTGEN McGuinness said.
“The National Office of Cyber Security will continue to support affected government entities in working with ZircoDATA on the process of identifying victims and notifying them. The impact for most government entities is likely to be minimal.”