Cyber-attack information (Dec 2022)

27 April 2023 update

This notice was first published on 6 January 2023 and updated on 7 February 2023. FRV is now updating this notice to outline the changes to the categories of personal information that FRV previously advised may have been accessed or stolen by a malicious third party in the cyber-attack. These changes are being made as a result of FRV's ongoing investigations.

Current and former staff

In relation to current and former staff, FRV has now identified that Medicare numbers, Centrelink customer reference numbers and Individual Healthcare Identifiers are other types of Government-issued identity information that may have been accessed or stolen, to the extent any such information has been sent or received via its email systems.

Job applicants

In relation to job applicants, FRV previously published that tax file numbers may have been accessed or stolen, however, FRV has identified that this is no longer correct. FRV has also now identified that health information, Medicare numbers, Centrelink customer reference numbers and Individual Healthcare Identifiers are other types of Government issued identity information that may have been accessed or stolen, to the extent any such information has been sent or received via our email systems.

Please email frvassist@frv.vic.gov.au if you have any questions about this update.

Fire Rescue Victoria eligible data breach notification 27 April 2023

This notice sets out important information about a cyber-attack on Fire Rescue Victoria's IT environment.

Read this notice if you:

  • are a current or former employee, individual contractor or secondee of Fire Rescue Victoria (FRV) or the former Metropolitan Fire and Emergency Services Board (MFB); or
  • have ever applied for a job with the FRV or MFB (including firefighter recruit applicants).

On 6 January 2023, we notified the Office of the Australian Information Commissioner that we have reasonable grounds to believe that we have suffered an eligible data breach as a result of the recent cyber-attack. You can read part one of our statement that we sent to the Office of the Australian Information Commissioner on 6 January 2023 here. We are also liaising with the Office of the Victorian Information Commissioner about the cause and impact of this attack, as well as other State and Federal government bodies (including the Australian Cyber Security Centre).

In accordance with the requirements under the Privacy Act 1988 (Cth) (in respect of personal information that we hold that the Privacy Act 1988 (Cth) applies to), this notice provides you with:

(1) A description of the eligible data breach (see What happened?).

(2) A summary of the kinds of personal information that may be involved (see What personal information may be involved?).

(3) The steps we recommend that you take if you are impacted by the attack (see What steps can you take?).

We are deeply sorry that this attack has occurred. We are committed to protecting your privacy and helping you to protect your identity in the aftermath of this attack. We will provide regular updates as more information becomes available. Please continue to check https://www.frv.vic.gov.au/frv-cyber-attack-information for the latest information or email frvassist@frv.vic.gov.au if you have any questions.

If you are a current FRV employee or individual contractor, you may have received previous correspondence from us regarding this attack. This notice provides important updates and should be read carefully.

WHAT HAPPENED?

We were made aware of a cyber-attack on our internal IT environment on 15 December 2022. The incident affected a number of our internal servers (including our email system). We are working closely with cyber security experts and our partners in the State and Federal Governments, including the Australian Cyber Security Centre, to investigate and respond to this attack.

While we continue to experience a widespread IT outage as a result of the attack, community safety has not been compromised and we continue to dispatch crews and appliances through mobile phones, pagers and radio.

Our investigations about the cause and impact of this attack are ongoing. However, we have reasonable grounds to believe that personal information may have been accessed or stolen.

Although we do not have evidence that personal information has been accessed or stolen from our systems, given the nature of the cyber-attack, we have reasonable grounds to believe that personal information of current and former employees, individual contractors and secondees of FRV and the former Metropolitan Fire and Emergency Services Board (as well as job applicants and other individuals) may have been accessed or stolen by a malicious third party.

WHAT PERSONAL INFORMATION MAY BE INVOLVED?

It is a complex task to identify what information is involved in this attack.

While this analysis progresses, we are assuming that information that may have been accessed or stolen by a malicious third party includes personal information about:

  • current and former employees of FRV and the former Metropolitan Fire and Emergency Services Board (MFB), individual contractors and secondees from other organisations to FRV and the former MFB (FRV Staff); and
  • job applicants for FRV roles or former MFB roles (including firefighter recruit applicants).

Based on our investigations to date, we have reasonable grounds to believe that the following personal information may have been accessed or stolen:

A. Personal Information about current and former FRV Staff

  • Full Name
  • Address (current and previous)
  • Email address (current and previous)
  • Phone number (current and previous)
  • Date of birth
  • Health information
  • Sensitive information, to the extent any such information has been sent or received via our email system (for example, , information about sexual orientation, race, disability, religion, qualifications, employment history, criminal history, political or religious views)
  • Bank account details (BSB, account name and number) (excluding secondees from other organisations and labour hire employees)
  • Superannuation details (excluding secondees from other organisations and labour hire employees)
  • Government issued identity information, to the extent any such information has been sent or received via our email system, such as:
    • Driver's licence details
    • Passport details
    • Tax File numbers
    • Birth, death and marriage certificates
    • Medicare numbers
    • Centrelink customer reference numbers
    • Individual Healthcare Identifiers

B. Personal Information about job applicants

  • Full Name
  • Address (current and previous)
  • Email address (current and previous)
  • Phone number (current and previous)
  • Date of birth
  • Health information
  • Sensitive information, to the extent any such information has been sent or received via our email system (for example, information about sexual orientation, race, disability, religion, qualifications, employment history, criminal history)
  • Government issued identity information, to the extent any such information has been sent or received via our email system, such as:
    • Driver's licence details
    • Passport details
    • Medicare numbers
    • Centrelink customer reference numbers
    • Individual Healthcare Identifiers

As our email system has been affected by this attack, information that may have been accessed or stolen may also include personal information about other individuals (to the extent any such information has been sent or received by FRV Staff via our email system).

WHAT STEPS CAN YOU TAKE?

As there is a risk that personal information may have been accessed or stolen by a malicious third party, we strongly urge all current and former FRV Staff and job applicants to remain vigilant and take steps to protect their identity and credit profile.

Take additional cyber precautions

We recommend that all current and former FRV Staff and job applicants remain careful and vigilant with all online communications and transactions, and take the following steps:

  • Make sure you validate any communications you receive, to ensure they are legitimate
  • Be very careful when opening or responding to texts from unknown numbers and emails from unknown senders
  • Change account passwords (and replace with a strong password or passphrase – see latest Microsoft password advice) and enable multifactor authentication for banking and any other accounts where it is available
  • If you have reused your FRV password on personal accounts, you should go through these accounts and change the passwords
  • Do not click links in emails from unknown senders and check with known senders, before clicking links
  • Do not provide personal or credential information to people who contact you – legitimate organisations should not contact you and ask for this
  • Do not give remote access to your computer or mobile device
  • Learn to recognise scams and always be alert to phishing attempts (watch this video from the Australian Cyber Security Centre to learn how phishing scams work).

Additional steps to protect your identity

We have activated specialist monitoring services for all current and former FRV Staff and job applicants to use.

If any current or former FRV Staff or job applicant are concerned about the potential misuse of their personal information, the individual can access free support from IDCARE, Australia’s national identity and cybersecurity community support service. Each impacted individual can engage an IDCARE Case Manager via IDCARE’s Get Help Web Form at www.idcare.org/contact/get-help using the referral code FRV22.

We also urge all current and former FRV Staff and job applicants to follow specific identity protection advice:

  • Monitor all your devices and accounts for unusual activity. Go to scamwatch.gov.au for more information. Report unusual activity to Report Cyber at cyber.gov.au and IDCARE (1800 595 160, 8am-5pm Monday to Friday, excluding public holidays)
  • Monitor your bank accounts for any unusual or unauthorised activity and contact your financial institution immediately if you have any concerns. Ensure you have multifactor authentication in place, if available.
  • If you suspect fraud, you can request a ban on your credit report which ‘freezes’ access to your credit file (see guidance from IDCARE)
  • If you are the target or victim of a scam or believe your accounts have been compromised, lodge an online report via the Australian Cyber Security Centre (ACSC)
  • If you think someone has stolen your identity, contact IDCARE on 1800 595 160 (8am-5pm Monday to Friday, excluding public holidays). They have published several factsheets with advice specific to recent high profile Australian cyber breaches.

Additional steps to protect your credit profile

We have also partnered with Equifax Protect, a leading provider of credit and identity monitoring services, to provide Equifax Protect to current and former FRV Staff and job applicants. Equifax Protect is a credit monitoring and identity protection service that helps reduce the risk of identity theft or financial loss.

All current and former FRV Staff and job applicants are eligible for a 12-month Equifax Protect subscription, which includes:

  • monitoring of your personal information on the internet
  • alerts for changes on your credit reporting
  • monthly credit reports and score tracking.

To activate Equifax Protect, each individual must follow the Equifax Protect registration instructions. The individual will need to firstly request a personalised code. This is explained in the instructions.

Additional support available to current FRV employees, retirees and families

Additional support is also available to current FRV employees, FRV retirees (including MFB retirees) and their families via our Employee Assistance Program (EAP).

EAP provides access to external psychologists, social workers and counsellors. Should current FRV employees, retirees or their families require EAP support to help them manage their wellbeing during this time, we encourage them to reach out to our Health and Wellbeing services. These services can be accessed by calling 1800 161 415.

Additional steps

As our email system has been affected by this attack, we strongly urge FRV Staff to contact us at frvassist@frv.vic.gov.au for further advice and assistance if they have any concern about the personal information of other individuals (for example, family members of FRV Staff) that may have been sent or received using our email system.

7 February 2023 update

FRV's notice published on 6 January 2023 (below) states that firefighter recruit applicants were not affected by the cyber-attack. As part of our ongoing investigation into the cyber-attack, FRV now has identified that the personal information of firefighter recruit applicants may have been accessed or stolen by a malicious third party in the cyber-attack.

This means that you should read this notice if you have ever applied for a firefighter recruit role with FRV or the former Metropolitan Fire and Emergency Services Board (MFB), as the sections in the notice that apply to job applicants also apply to you. Further details about the personal information that may have been accessed or stolen in the cyber-attack are set out in the section "What Personal Information may be involved?". You can also read about the steps we recommend that you take and the support available to you in the section "What steps can you take?".

However, please note that FRV does not collect the Tax File Numbers of firefighter recruit applicants until it makes an offer of employment to the applicant. This means that where a section of this notice references Tax File Numbers or applies to job applicants because of FRV's collection of their Tax File Numbers, that section will not apply to you if you did not receive an offer of employment from FRV.

Please email frvassist@frv.vic.gov.au if you have any questions about this update.

Fire Rescue Victoria eligible data breach notification: 6 January 2023

This notice sets out important information about a cyber-attack on Fire Rescue Victoria's IT environment.

Read this notice if you:

  • are a current or former employee, individual contractor or secondee of Fire Rescue Victoria (FRV) or the former Metropolitan Fire and Emergency Services Board (MFB); or
  • have ever applied for a job with the FRV or MFB (excluding firefighter recruit applicants).

On 6 January 2023, we notified the Office of the Australian Information Commissioner that we have reasonable grounds to believe that we have suffered an eligible data breach as a result of the recent cyber-attack. You can read part one of our statement via this link.

We are also liaising with the Office of the Victorian Information Commissioner about the cause and impact of this attack, as well as other State and Federal government bodies (including the Australian Cyber Security Centre).

In accordance with the requirements under the Privacy Act 1988 (Cth), this notice provides you with:

(1) A description of the eligible data breach (see What happened?).

(2) A summary of the kinds of personal information that may be involved (see What personal information may be involved?).

(3) The steps we recommend that you take if you are impacted by the attack (see What steps can you take?).

We are deeply sorry that this attack has occurred. We are committed to protecting your privacy and helping you to protect your identity in the aftermath of this attack. We will provide regular updates as more information becomes available. Please continue to check this page for the latest information or email frvassist@frv.vic.gov.au if you have any questions.

If you are a current FRV employee or individual contractor, you may have received previous correspondence from us regarding this attack. This notice provides important updates and should be read carefully.

WHAT HAPPENED?

We were made aware of a cyber-attack on our internal IT environment on 15 December 2022. The incident affected a number of our internal servers (including our email system). We are working closely with cyber security experts and our partners in the State and Federal Governments, including the Australian Cyber Security Centre, to investigate and respond to this attack.

While we continue to experience a widespread IT outage as a result of the attack, community safety has not been compromised and we continue to dispatch crews and appliances through mobile phones, pagers and radio.

Our investigations about the cause and impact of this attack are ongoing. However, we have reasonable grounds to believe that personal information may have been accessed or stolen.

Although we do not have evidence that personal information has been accessed or stolen from our systems, given the nature of the cyber-attack, we have reasonable grounds to believe that personal information of current and former employees, individual contractors and secondees of FRV and the former Metropolitan Fire and Emergency Services Board (as well as job applicants and other individuals) may have been accessed or stolen by a malicious third party.

WHAT PERSONAL INFORMATION MAY BE INVOLVED?

It is a complex task to identify what information is involved in this attack.

While this analysis progresses, we are assuming that information that may have been accessed or stolen by a malicious third party includes personal information about:

  • current and former employees of FRV and the former Metropolitan Fire and Emergency Services Board (MFB), individual contractors and secondees from other organisations to FRV and the former MFB (FRV Staff); and
  • job applicants for FRV roles or former MFB roles (excluding firefighter recruit applicants).

Based on our investigations to date, we have reasonable grounds to believe that the following personal information may have been accessed or stolen:

A. Personal Information about current and former FRV Staff

  • Full Name
  • Address (current and previous)
  • Email address (current and previous)
  • Phone number (current and previous)
  • Date of birth
  • Health information
  • Sensitive information, to the extent any such information has been sent or received via our email system (for example, , information about sexual orientation, race, disability, religion, qualifications, employment history, criminal history, political or religious views)
  • Bank account details (BSB, account name and number) (excluding secondees from other organisations and labour hire employees)
  • Superannuation details (excluding secondees from other organisations and labour hire employees)
  • Government issued identity information, to the extent any such information has been sent or received via our email system, such as:
    • Driver's licence details
    • Passport details
    • Tax File numbers
    • Birth, death and marriage certificates

B. Personal Information about job applicants

  • Full Name
  • Address (current and previous)
  • Email address (current and previous)
  • Phone number (current and previous)
  • Date of birth
  • Sensitive information, to the extent any such information has been sent or received via our email system (for example, information about sexual orientation, race, disability, religion, qualifications, employment history, criminal history)
  • Government issued identity information, to the extent any such information has been sent or received via our email system, such as:
    • Driver's licence details
    • Passport details
    • Tax File numbers

As our email system has been affected by this attack, information that may have been accessed or stolen may also include personal information about other individuals (to the extent any such information has been sent or received by FRV Staff via our email system).

WHAT STEPS CAN YOU TAKE?

As there is a risk that personal information may have been accessed or stolen by a malicious third party, we strongly urge all current and former FRV Staff and job applicants to remain vigilant and take steps to protect their identity and credit profile.

Take additional cyber precautions

We recommend that all current and former FRV Staff and job applicants remain careful and vigilant with all online communications and transactions, and take the following steps:

  • Make sure you validate any communications you receive, to ensure they are legitimate
  • Be very careful when opening or responding to texts from unknown numbers and emails from unknown senders
  • Change account passwords (and replace with a strong password or passphrase – see latest Microsoft password advice) and enable multifactor authentication for banking and any other accounts where it is available
  • If you have reused your FRV password on personal accounts, you should go through these accounts and change the passwords
  • Do not click links in emails from unknown senders and check with known senders, before clicking links
  • Do not provide personal or credential information to people who contact you – legitimate organisations should not contact you and ask for this
  • Do not give remote access to your computer or mobile device
  • Learn to recognise scams and always be alert to phishing attempts (watch this video from the Australian Cyber Security Centre to learn how phishing scams work).

Additional steps to protect your identity

We have activated specialist monitoring services for all current and former FRV Staff and job applicants to use.

If any current or former FRV Staff or job applicants are concerned about the potential misuse of their personal information, the individual can access free support from IDCARE, Australia’s national identity and cybersecurity community support service. Each impacted individual can engage an IDCARE Case Manager via IDCARE’s Get Help Web Form at www.idcare.org/contact/get-help using the referral code FRV22.

We also urge all current and former FRV Staff and job applicants to follow specific identity protection advice:

  • Monitor all your devices and accounts for unusual activity. Go to scamwatch.gov.au for more information. Report unusual activity to Report Cyber at cyber.gov.au and IDCARE (1800 595 160, 8am-5pm Monday to Friday, excluding public holidays)
  • Monitor your bank accounts for any unusual or unauthorised activity and contact your financial institution immediately if you have any concerns. Ensure you have multifactor authentication in place, if available.
  • If you suspect fraud, you can request a ban on your credit report which ‘freezes’ access to your credit file (see guidance from IDCARE)
  • If you are the target or victim of a scam or believe your accounts have been compromised, lodge an online report via the Australian Cyber Security Centre (ACSC)
  • If you think someone has stolen your identity, contact IDCARE on 1800 595 160 (8am-5pm Monday to Friday, excluding public holidays). They have published several factsheets with advice specific to recent high profile Australian cyber breaches.

Additional steps to protect your credit profile

We have also partnered with Equifax, a leading provider of credit and identity monitoring services, to provide Equifax Protect to current and former FRV Staff and job applicants. Equifax Protect is a credit monitoring and identity protection service that helps reduce the risk of identity theft or financial loss.

All current and former FRV Staff and job applicants are eligible for a 12-month Equifax Protect subscription, which includes:

  • monitoring of your personal information on the internet
  • alerts for changes on your credit reporting
  • monthly credit reports and score tracking.

To activate Equifax Protect, each individual must follow the Equifax Protect registration instructions. The individual will need to firstly request a personalised code. This is explained in the instructions.

Additional support available to current FRV employees, retirees and families

Additional support is also available to current FRV employees, FRV retirees (including MFB retirees) and their families via our Employee Assistance Program (EAP).

EAP provides access to external psychologists, social workers and counsellors. Should current FRV employees, retirees or their families require EAP support to help them manage their wellbeing during this time, we encourage them to reach out to our Health and Wellbeing services. These services can be accessed by calling 1800 161 415.

Additional steps

As our email system has been affected by this attack, we strongly urge FRV Staff to contact us at frvassist@frv.vic.gov.au for further advice and assistance if they have any concern about the personal information of other individuals (for example, family members of FRV Staff) that may have been sent or received using our email system.

_

Communities

Updated

Back to top