Make a Donation
July

Notice Data Breach - Employees

A security incident recently experienced by Ability WA may have resulted in unauthorised access to personal information Ability WA holds about its employees and customers.

This notification applies to current and former Ability WA employees. If you are an Ability WA customer, please see the customer notification here.

What happened?

On 5 March 2022, Ability WA experienced a ransomware attack. Upon becoming aware of the incident, Ability WA immediately engaged its IT provider to recover its systems and a forensic investigator to investigate the cause and scope of the incident.

The investigation discovered that an unknown person gained unauthorised access to Ability WA's systems. During this time, the cybercriminal accessed parts of Ability WA's network. The cybercriminal copied a large quantity of data from the affected systems before causing a system outage by executing the ransomware.

What has Ability WA done in response?

Ability WA was able to recover its systems and has since implemented numerous technical and practical measures to improve the security of its systems and ensure that this kind of incident does not reoccur in the future.

Ability WA has continually monitored the dark web for any sign of the data stolen by the cybercriminal since the incident. There is no evidence that any of the stolen data has been published.

Ability WA has reported the incident to the Office of the Australian Information Commissioner. We will continue to liaise with that authority regarding the incident and ensure that all of our statutory obligations are met.

What data was compromised?

The data stolen by the cybercriminal was largely data stored on Ability WA's network drives. These drives included employee records relating to your current or former employment with Ability WA, such as terms of employment, performance reports and payroll records. In particular, these documents may include your tax file number in payment summaries and reports.

Again, there is currently no evidence that any stolen data has been published or misused.

Steps you can take to protect against potential data misuse

Fraudsters can misuse tax file numbers to lodge fraudulent tax returns and claim tax refunds. To protect you against this risk, Ability WA has already notified the Australian Taxation Office that the tax file numbers of its employees may have been involved in a data breach. The Australian Taxation Office has placed additional security measures on the accounts of all Ability WA employees, which aim to detect any fraudulent activity. There is nothing further you need to do; however, if you have any concerns, you can contact the Australian Taxation Office Client Identity Support Centre on 1800 467 033. More information is available on the ATO's website.

Fraudsters may also contact you impersonating Ability WA or the Australian Taxation Office to trick you into disclosing other personal information or access credentials. This is called "social engineering" and can be a precursor to identity fraud. To protect yourself against social engineering:

  • be wary of anyone contacting you who requests personal information or access credentials from you, even if they quote your tax file number or already know other details about you;
  • do not respond to email or SMS messages asking for personal information; and
  • be careful of unsolicited telephone calls which purport to be from a business or government authority. If you think the call is genuine, hang up and call the business or authority back on their public telephone number.

Additional information on these types of fraud and how to avoid them are available at the Australian Cyber Security Centre website. 

Additional guidance about steps you can take to protect yourself can be found on the Office of the Australian Information Commissioner's website.

If you still have questions

Ability WA takes the security of your information very seriously. We apologise for any inconvenience this incident may cause you. If you would like to discuss the situation with us further or if you have any questions about any aspect of this email, please do not hesitate to contact our Customer Contact Team on 1300 106 106 or email us at privacy@abilitywa.com.au.