Get all your news in one place.
100’s of premium titles.
One app.
Start reading
ABC News
ABC News
National

Technology group providing services to Victorian government departments hit by cyber attack

A cyber attack has targeted a technology group which provides services to government departments, with hackers now believed to hold stolen data.

PNORS Technology Group owns five companies which provide a range of technology services to more than 1,000 clients.

The company confirmed on Saturday that two of its businesses, Datatime and Netway, were the target of a cyber attack on November 3.

"The impacted PNORS Technology Group businesses deal with document and data capture, digital conversion and managed IT support for a number of external clients, including government departments," PNORS chief executive Paul Gallo said.

"Initial investigations by cyber security experts indicated this incident was limited to systems being encrypted and locked.

"However, overnight the criminals behind the cyber attack released to the company in a private communication a sample of what is believed to be stolen data."

The Victorian Department of Premier and Cabinet (DPC) said it was determining whether data held by the state had been exposed in the breach.

A DPC spokesperson said the government was "continuing to provide support to PNORS Technology Group to determine the extent of the information breach and to prevent further incidents".

At an election announcement about support for Victorian veterans on Sunday, Premier Daniel Andrews said the details of the breach were still being confirmed.

"You can have a breach — whether anybody accessed anything, took anything, viewed anything — that's not necessarily the same as the fact the first firewall was breached," he said.

"It's just important that we confirm the facts and as soon as we do that, we'll have more to say."

PNORS said it immediately notified affected clients on November 3, contacted state and federal police and engaged external cybersecurity experts.

The Office of Australian Information Commissioner has been notified.

"The extent of the data breach is still being investigated and we are working closely with all authorities to assess how many of our clients have been impacted and the nature of the data that has been stolen," Mr Gallo said in a statement.

"When we were informed about the cyber attack we immediately shut down and isolated all our internal systems and took further measures to secure our network and data, along with pausing all data processing."

The Victorian DPC spokesperson said the Victorian Government's Cyber Incident Response Service had been notified.

"Protecting Victorian data and systems is our highest priority," the DPC spokesperson said in a statement.

"If it is determined that Victorian government data has been exposed as a result of this breach, departments will notify impacted individuals and provide advice on steps they can take to minimise any risk."

It is the latest in a string of data breaches at high-profile targets, starting with telco Optus in late September.

The personal data of millions of Australians has been, or potentially has been, exposed in the hacks which have also targeted health insurer Medibank and Woolworths-owned online retailer MyDeal.

Australia's data breach notification laws require companies with an annual turnover of $3 million or more to notify the privacy commissioner about exposed customer data, so it is possible smaller companies have been exposed without making it public.

A security expert last month warned "a decade of anti-security policy" had left Australia open for attacks. 

Another this week warned hackers would now see Australia as "a soft target" in light of the recent breaches.

Attorney-General Mark Dreyfus last week introduced a bill to amend the Privacy Act to the penalty for large data breaches to a minimum of $50 million.

The current maximum penalty for serious or repeated breaches of privacy is about $2 million.

The DPC spokesperson urged people to visit IDCARE for information about how to protect personal information and ScamWatch for information about online scams.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.