Data Breach Sees Victorian Government Employees' Details Stolen
(Jan 1, 2019)
30,000 employees of the Victorian government in Australia found that their work details had been accessed and downloaded by an unknown person. The work details consisted of information including employees' job titles, work emails, work phone numbers, and possibly mobile phone numbers were affected in this breach. No banking or other financial information was compromised, but authorities say that employees should be wary because this could lead to future phishing or other social engineering attempts.
Recommendation: Leaks of this sort causes individuals to be at a large risk of phishing attacks. Actors can use this information to coerce more personal data from the victim. Users should also monitor their credit in order to make sure that nothing out of the ordinary is happening and no identity fraud is being committed. Because of the type of information downloaded in this specific attack, employees may be at higher risk of social engineering attacks, particularly by persons who may have a financial or political interest in the current happenings in the Victorian government and want to influence the outcomes. It is crucial to change passwords associated to those work emails, and be vigilant to unsolicited phone calls or emails from unknown people.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.