Share this article on:
Powered by MOMENTUMMEDIA
Breaking news and updates daily.
Police warn that around 9,000 “sensitive court files” have been accessed, including AVOs and court affidavits.
The NSW Police revealed overnight that it had opened an investigation into a serious data breach at the Department of Communities and Justice.
“Cyber crime detectives are investigating a major data breach involving the Department of Communities and Justice (DCJ),” NSW Police said in a news update at 8.14pm on 26 March.
Officers of the State Crime Command’s Cybercrime Squad were informed of the incident on 25 March, which involved access to the DCJ’s NSW Online Registry. The registry allows access to information on criminal and civil cases.
“Cyber crime detectives commenced an investigation under Strike Force Pardey and are working closely with DCJ in order to contain the breach after approximately 9,000 sensitive court files, including apprehended violence orders and affidavits, were downloaded,” NSW Police said.
Investigations are ongoing to determine the exact nature of the data compromised in the incident.
A spokesperson for the Department of Communities and Justice told Cyber Daily that mitigation strategies have been put in place to contain the breach and that “no data has been made public as a result of the breach”.
“DCJ has reported the matter to the NSW Police Cybercrime Squad, Cyber NSW and other relevant authorities. The matter is now subject to an active police investigation,” DCJ’s spokesperson said.
“DCJ is working to urgently identify and contact affected users and will provide updates as more information becomes available.”
The DCJ published a further update on March 27, adding that the breach has been reported to Cyber Security NSW.
"DCJ takes this breach extremely seriously and is acting with urgency to identify affected individuals to ensure their safety. The unauthorised file access method used has been contained, and a thorough review of system integrity is in progress," a spokesperson for the DCJ said.
"Independent cyber security experts are conducting further assessments to verify this. No data has been found to be made public as a result of the breach. DCJ has stood up a team of experts who are forensically examining every document involved."
Michael Daley, the NSW Attorney-General, has been advised of the incident.
“I’ve been advised by the Department of Communities and Justice about a significant cyber breach affecting the NSW Online Registry Website,” Daley said in a widely reported statement.
“The NSW government is taking this incident seriously. I am assured that DCJ is working with Cyber Security NSW and the NSW Police to ensure the ongoing integrity of the system.
“They are also working to urgently identify and contact affected users, and the public will be kept updated as more information becomes available.”
As of the time of writing, no threat actor has yet claimed responsibility for the data breach.
UPDATED 28/03/25 to add further DCJ commentary.
If any member of the community believes their details may have been compromised, they are encouraged to make a report through ReportCyber. Any person who believes their safety may be at risk due to the breach should contact NSW Police.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.