This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Nova Employment

Summary

Nova Employment, a non-profit organization that provides training, support, and job placements to individuals with disabilities, was targeted by the BlackBasta ransomware gang in March 2024. The organization is part of a broader campaign by BlackBasta targeting multiple Australian organizations during this period.

What Happened

On 1 March 2024, the BlackBasta ransomware group gained unauthorized access to Nova Employment's systems. BlackBasta posted details of the attack on their dark web leak site, listing Nova Employment among nearly a dozen Australian organizations compromised in a coordinated campaign.

The attack was part of a systematic targeting of Australian organizations by BlackBasta, demonstrating the gang's focus on Australian entities during early 2024.

Impact on Individuals

While specific details about the volume and types of compromised data were not publicly disclosed, Nova Employment's systems likely contained sensitive information about vulnerable individuals, including:

  • Personal details of people with disabilities seeking employment support
  • Training and assessment records
  • Employment placement information
  • Support service histories
  • Personal contact information

The breach is particularly concerning because Nova Employment serves a vulnerable population—individuals with disabilities who rely on the organization for critical employment support services. The exposure of their personal information could be used for:

  • Targeted fraud against vulnerable individuals
  • Discrimination based on disability status
  • Exploitation of people seeking employment assistance

Organisational Response

Nova Employment acknowledged the data breach and worked with cybersecurity experts to investigate the incident. The organization reported the breach to appropriate authorities, including the Office of the Australian Information Commissioner.

The incident highlighted the increasing targeting of non-profit and social service organizations by ransomware gangs, who may perceive these entities as having weaker cybersecurity defenses while holding sensitive data about vulnerable populations.

[extra.impact] affected_individuals = 0 individuals_note = "" data_volume_gb = 0 record_count = 0 financial_cost_total = 0 ransom_demanded = 0 ransom_paid = 0 estimated_remediation = 0 downtime_hours = 0 downtime_note = "" +++

Verification Source: View original statement