This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Queensland Fire and Emergency Services

Summary

Queensland Fire and Emergency Services (QFES) investigated an alleged data breach in December 2023 involving a former contractor who allegedly removed information relating to the Rural Fire Service. The incident involved names, phone numbers, and email addresses of volunteers and employees. Queensland Police were involved in the investigation, and the Office of the Information Commissioner Queensland was notified.

What Happened

In December 2023, a former QFES contractor whose contract had ended allegedly removed QFES information relating to the Rural Fire Service from the organisation. The alleged breach involved contact details of Rural Fire Service volunteers and employees, including names, phone numbers, and email addresses.

QFES conducted a forensic analysis of the data the contractor had access to and allegedly removed from the workplace. Devices issued by QFES to the contractor were secured following the discovery of the alleged breach.

Impact on Individuals

The compromised information consisted of basic contact details—names, phone numbers, and email addresses—of Rural Fire Service volunteers and employees. While this type of information is less sensitive than financial or identity documents, it could potentially be misused for phishing attempts or unwanted contact.

QFES advised all employees and volunteers as soon as they understood the scope of the incident, and further communication was issued to anyone directly impacted by the breach. The organisation found no evidence to indicate an ongoing concern following the securing of the contractor's devices.

Organisational Response

QFES promptly involved Queensland Police in the investigation of the alleged data removal. The organisation notified the Office of the Information Commissioner Queensland of the incident and conducted forensic analysis to determine the full scope of the information accessed and allegedly removed.

The organisation secured all devices issued to the former contractor and implemented measures to ensure no ongoing risk to affected individuals.

Verification Source: View original statement