Threat Watch

30,000 Victorian Public Servants Work Details Stolen in Breach

An unauthorized person accessed the Victorian Government directory and were able to download it. The directory includes emails, job description, and work contact numbers. No banking or financial data was accessed in the breach but that does not mean the attacker won’t be back to perform a larger scale attack. Dr. Suelette Dreyfus from the University of Melbourne commented on the situation saying, “If you take even small snippets of information and you aggregate them into a dataset, you can then get an image of the entire State Government because you know all the different people, their positions, their phone numbers … and you can figure out where the power center is and who you would target if you were going to try to hack someone’s email.” The breach has been reported to the police department as well as the Australian Cyber Security Center.

ANALYST NOTES

Due to the fact emails were accessed in this specific breach, increased attempts at phishing attacks could be seen along with social engineering attacks. Users who are aware of these facts should always be cautious when dealing with unrecognized communicators.