Zircodata cyber hack: Personal information of tens of thousands of Aussies leaked as data firm with links to 200 companies is breached

Russian hackers have successfully breached a data firm used by hundreds of Australian companies and government agencies, auctioning the data of tens of thousands of Aussies on the dark web.

ZircoDATA and the federal government have begun investigating what data was compromised from more than 200 Australian organizations affected by the February breach.

It was revealed on Friday that hackers have accessed 4,000 sensitive documents from Monash Medical Center and the electronic profiles of 60,000 Melbourne Polytechnic students.

Among the leaks from Monash Medical Centre, Queen Victoria Hospital and Southern Health were archived documents relating to domestic violence and sexual support units in Melbourne’s east between 1970 and 1993.

National Cyber ​​Security Coordinator General Michelle McGuinness said on Friday that the government was working closely to assess the extent of the hack.

In February ZircoDATA said in a statement that an “unauthorized third party” gained access to its systems after the hackers said they did so on the dark web.

The web post, from well-known cyber ring Black Basta, describes an auction for the stolen information, prompting an AFP investigation.

Among the stolen documents were 4,000 archived files from Monash Medical Center relating to sexual assaults in Melbourne’s east.

Following the February 22 notice and subsequent investigation, Ms McGuinness said on Friday that “the impact on most government agencies is likely to be minimal”.

‘[We] are still working with ZircoDATA to identify affected data and any victims, and have yet to begin notifying affected individuals,” she said.

Monash Health said it verifies the identity of the compromised before contacting them, so as not to accidentally expose them to retaliation from the hackers.

General director Professor Eugine Yafele said De Eeuw that he helped with the investigation and that he felt sorry for those affected.

“Of paramount importance to us is providing support to people who may be affected by this breach,” he said.

‘We are deeply disappointed to be in this position and understand the distress this may cause to affected customers.’

Mr Yafele said his teams were working “tirelessly” to identify those affected by the hack, which Ms McGuinness said was especially poignant as some of the stolen files were linked to sexual violence.

“This is a worrying development for those who have been affected, or believe they may have been affected, by this exposure,” Ms McGuiness said on X.

ZircoDATA is still trying to determine the full list of affected individuals and organizations and Monash Health has done so as well launched a website and a hotline for those concerned that their documents may have been stolen.

National Cyber ​​Security Coordinator General Michelle McGuinness said on Friday that the government was working closely to assess the extent of the hack.

The federal government is working with ZircoDATA and the organizations affected by the hack to find out who was affected

Melbourne Polytechnic revealed that the enrollment data of 60,000 past and present students, collected and stored by ZircoDATA, had also been accessed by the hackers.

CEO Frances Coppolillo said the hackers captured “low-risk identity attributes,” including names, student identification numbers, addresses at the time of enrollment and dates of birth.

“Melbourne Polytechnic apologizes unreservedly to everyone affected by this incident,” Ms Coppolillo said in a statement.

“We have contacted every current affected student and are trying to contact former students, many of whose contact details may have changed over the past decade.”

Black Basta’s dark web posts boast about the hack the group claims it accessed 395 gigabytes of ZircoDATA archives, including passport scans, individual immigration identification data and other sensitive documents.

Another group, Crypmans, is also said to have breached the ZircoDATA systems in January.

The AFP launched an investigation into the breach after a well-known cyber ring announced an auction for the stolen data on the dark web on February 22 (pictured)

Cybersecurity firm Cyble tracks known hacking groups and scours the dark web for information and alerts about corporate breaches and has confirmed this was the case. assisting multiple companies affected by the ZircoDATA breaches.

Cyble’s Kapil Barman said he wasn’t sure if the hacks were related, but they both used the same thing vulnerability to get into ZircoDATA’s systems.

Cybersecurity manager at Risk Associates, who also works with Cyble, Sameer Pradhan, told the publication he had identified 191 Australian organizations affected by the hacks.

On Saturday, the Ministry of the Interior confirmed the investigation into the case.

The department could not confirm who was responsible for the hacks or which government agencies were affected.

The CSIRO said it had not been notified of any exposure as a result of the breach and the The Australian Pesticides and Veterinary Medicines Authority did not respond to queries. Both are listed as ZircoDATA clients.

Information Commissioner Sean Morrison has confirmed that his office will “continue to monitor the incident and … receive updates as appropriate.”