Fire Rescue Victoria

Summary

Fire Rescue Victoria (FRV) suffered a ransomware attack in December 2022 by the Vice Society threat group. The breach exposed personal information of current and former employees, contractors, and job applicants, with stolen data published on the dark web in January 2023. FRV notified the Office of the Australian Information Commissioner and provided affected individuals with free identity protection services.

What Happened

On 15 December 2022, Fire Rescue Victoria detected unauthorised access to its systems and immediately took systems offline. The attackers, identified as the Vice Society ransomware group, exfiltrated approximately 100GB of data before FRV could secure its network.

Initially, FRV reassured staff that their data had not been published online. However, on 11 January 2023, the organisation confirmed that stolen information had been shared on the dark web. The attack targeted personal and employment information rather than operational systems.

Impact on Individuals

Personal information that may have been accessed included names, addresses, email addresses, phone numbers, health information, superannuation details, Tax File Numbers, and passport details. The broad scope of data types exposed affected individuals to potential identity theft and fraud.

Fire Rescue Victoria offered free support services through IDCARE, Australia's national identity and cyber support service, and partnered with Equifax to enable affected individuals to set up credit and identity protection monitoring. The organisation emphasised that emergency response capabilities were not compromised during the incident.

Organisational Response

Fire Rescue Victoria notified the Office of the Australian Information Commissioner of the breach in January 2023. The organisation implemented identity protection measures for affected individuals and worked with cybersecurity experts to secure its systems and investigate the full extent of the breach.