Data hack at IT firm may include health records of Victorian school students

Thousands of Victorian students and their families may have had personal data including medical information stolen after a technology company that has contracts with the Victorian government was hacked.

PNORS Technology Group works with six different state departments including Education and Training.

Technology company PNORS, which works with state government departments, has been hacked.Credit:Shutterstock

Sources with knowledge of the situation told The Sunday Age that data from the Victorian school entrance health questionnaire was included in the information stolen.

The questionnaire is completed by all Victorian families who start at a Victorian primary school, including government, Catholic and independent schools.

Sensitive personal information, including demographics, developmental and behavioural issues and family alcohol or drug problems, is part of the questionnaire.

When asked by The Sunday Age to confirm whether this information was breached, the Department of Education referred questions to the Department of Premier and Cabinet, which did not provide a direct answer and instead released a statement.

“The Victorian Government is aware of a cyber incident impacting PNORS Technology Group,” a Department of Premier and Cabinet spokesman said in a statement.

The spokesman said the government was working with PNORS to determine the extent of the information breach. The Victorian Government’s Cyber Incident Response Service has been notified.

“If it is determined that Victorian Government data has been exposed as a result of this breach, departments will notify impacted individuals and provide advice on steps they can take to minimise any risk,” the spokesman said.

PNORS chief executive Paul Gallo said criminals had released potentially stolen data to the company on Saturday.

Gallo said initial investigations by cybersecurity experts indicated the hack was limited to encrypted systems.

“However, overnight the criminals behind the cyberattack released to the company in a private communication a sample of what is believed to be stolen data,” he said.

A source has told The Sunday Age that is still unclear what data has been stolen.

The company detected the cyberattack on Thursday and two of its businesses – Datatime and Netway – were impacted.

“The company immediately activated an incident response which included notifying affected clients, engaging external cybersecurity experts to assist in dealing with the issue,” Gallo said.

“The impacted PNORS Technology Group businesses deal with document and data capture, digital conversion and managed IT support for a number of external clients, including government departments.”

Separately, Ormond independent school Kilvington Grammar School notified families that the school’s data had been breached and some personal information published.

Former and current students, along with those on their waiting list, have had their information accessed, including dates of birth, addresses, email addresses, Medicare numbers and what the school calls “health information”.

The school says it became aware of the hack when it noticed suspicious network activity. No money has been sought.

Kilvington Grammar School says the data of former and current students, along with those on their waiting list, has been breached and some personal information published.Credit:Penny Stephens

“Kilvington Grammar confirms it has experienced a data incident involving unauthorised access to some of its online systems,” the school said in a statement.

“Whilst the third party did not gain access to the school’s primary database, some data has been accessed.

“The team has undertaken a forensic investigation to establish the nature of this data and we have notified and provided support to affected parties. At this stage, we have no evidence that any personal information has been published.”

Our Breaking News Alert will notify you of significant breaking news when it happens. Get it here.

Most Viewed in National

From our partners

Source: Read Full Article