Aboriginal Family Support Services (AFSS), a non-government organisation contracted by the South Australian Government for child welfare and protection services, has recently experienced a significant data breach.
Detected on November 27, this breach potentially compromises sensitive personal information, including payment details and identification documents of around 1,000 community members.
The Department for Child Protection, which contracts AFSS, clarified that the breach did not extend to any South Australian Government IT systems.
Despite the severity of the incident, the department reassured that AFSS's ability to provide community services remains unimpeded.
This breach is part of a series of recent cybersecurity incidents in the region, following an earlier breach at Super SA in October and a separate data compromise at SA Health due to "unintentional human error" at patient portal Personify Care, leading to the deletion of sensitive patient information.
The National Office of Cyber Security is working directly with the South Australian Government to support the Aboriginal Family Support Services, which is the victim of a cyber incident impacting their networks and data.I am receiving regular briefings and my office is…
— National Cyber Security Coordinator (@AUCyberSecCoord) December 7, 2023
Continuing reminder to be vigilant
In a statement addressing the seriousness of the incident, Department for Child Protection deputy chief executive Adam Reilly said: "The state government takes the privacy and confidentiality of personal data seriously and we are working with AFSS to help ensure those who may have been affected can access the support they need.
"Events such as this serve as a continuing reminder of the need to be vigilant about our personal security and having a prudent approach to information protection."
AFSS's role in providing crucial services in child welfare, child protection, family support and family-based foster care underscores the critical importance of safeguarding the personal information of those it serves.
The ongoing response to this breach is being closely monitored by the involved governmental departments and cybersecurity agencies.
The breach is currently under investigation by both the National Office of Cyber Security and the Office of the Australian Information Commissioner.