Scouts Victoria issued a notification to approximately 900 individuals throughout late September regarding unauthorised activity targeting our email system.
In late July and early August of this year, we identified unauthorised activity where third parties gained access to staff email inboxes, most likely using scamming techniques commonly known as 'phishing'.
Our IT team identified and blocked the unauthorised activity to protect information held on our systems. We engaged digital forensic and cyber security experts to investigate the incident and the data involved.
We also notified relevant government authorities, including the Office of the Australian Information Commissioner (OAIC) and the Department of Human Resources.
The forensic investigation and security review was extensive, and has now been completed. The investigation found that correspondence relating to a number of individuals associated with Scouts Victoria is among the data potentially accessed by unauthorised third parties. We have contacted individuals who we know may have been directly affected by this incident and will continue to work with them to address their concerns.
The data that we saw relating to individuals included:
Date of Birth (DOB)
Credit card information (full)
Credit card information (partial)
Tax File Number (TFN)
Bank details (BSB and account number)
Other government-issued ID (i.e. Photo card)
Working with children card
Australian Electoral Commission information
Sensitive criminal history information
Scouts membership number
Court orders (including pertaining to parenting)
We’ve also taken steps to ensure that incidents like this don’t reoccur.
We take our privacy obligations very seriously and are investing significant resources into investigating the source of the incident.
While all affected members have been notified, we encourage anyone who has questions to contact Scouts Victoria and we can address any concerns they may have.