Up to 8000 clients of Family Planning New South Wales have been affected by a ransomware attack on the NGO’s website. Not the sort of records people ever want to see disclosed.
The website was hacked on ANZAC Day, with the personal information of clients who had contacted FPNSW in the past 2 and a half years compromised – including details such as names, contact details and reasons for enquiries.
FPNSW revealed the hack to its clients in an email this past Monday, as part of its obligations under the Australian government’s new notifiable data breach scheme.
The email reportedly set out details of the attack, including that the hackers requested $15,000 in bitcoin to release the website – which FPNSW didn’t pay. FPNSW secured the website by 10am on April 26, and Chief Executive Ann Brassil says that while sensitive medical records were never under threat, and there was no evidence that the data hacked by the cyber criminals had been used, there was a risk this data could be used in the future.
The FPNSW website remains offline, and is undergoing an external security review.
It’s believed the hack was likely part of a string of international cyber attacks targeting vulnerabilities in the Drupal website content management system.
FPNSW’s data breach comes after the Privacy Commissioner revealed last month that there had been 63 data breaches reported in the first 6 weeks of the new data breach scheme – which we blogged about here.
The attack on FPNSW is yet another reminder for businesses to review their security protocols, and to ensure they have adequate data breach response plans in place.