This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Aboriginal Family Support Services

Summary

Aboriginal Family Support Services (AFSS), a South Australian community organisation contracted by the state government to provide child protection services, detected a data breach on 27 November 2023. The incident affected approximately 1,000 Aboriginal community members, with personal information including payment details and identification documents potentially compromised. The National Office of Cyber Security and the Office of the Australian Information Commissioner investigated the breach.

What Happened

AFSS detected the data breach on 27 November 2023 and promptly notified the South Australian Government Department for Child Protection. On 6 December 2023, the department publicly disclosed the incident.

The breach affected an organisation that provides critical child protection and family support services to Aboriginal communities under contracts with the SA Government. The incident did not affect any State Government operated IT systems, as AFSS maintains its own independent infrastructure.

Impact on Individuals

Approximately 1,000 Aboriginal community members who receive assistance from AFSS were affected by the breach. Personal information that may have been compromised included payment details and identification documents.

The breach raised particular concerns given the vulnerable nature of the affected population and the sensitive nature of child protection services. The exposure of identification documents and payment details creates risks of identity theft and financial fraud for affected community members.

Organisational Response

The National Office of Cyber Security worked directly with the South Australian Government to support Aboriginal Family Support Services in responding to the incident. The Office of the Australian Information Commissioner opened an investigation into the breach.

AFSS engaged IDCare, Australia's national identity and cyber support community service, to provide specialist support and guidance to affected individuals. The organisation emphasised that services to the community continued without interruption despite the data breach.

The Department for Child Protection confirmed there was no breach of any State Government operated IT system, clarifying that the incident was limited to AFSS's own systems.

Verification Source: View original statement