Anglicare Sydney has been hit by a ransomware attack that saw attackers exfiltrate 17GB of data.
The not-for-profit, which provides social services like aged care, was attacked in late August which saw “a range of Anglicare’s information systems and servers” locked down.
“Anglicare Sydney had an incident response plan in place for this type of scenario whereby we could remediate with off-site backup systems and would not entertain engaging with cyber criminals,” it said in a statement on Saturday.
“Once the cyberattack was detected, Anglicare Sydney immediately embarked on remediation and investigation including the engagement of cyber security experts.
“A formal forensic investigation by third parties is still ongoing.”
Despite working with the NSW Department of Communities and Justice (DCJ) to provide social services, the ransomware infection did not extend to government systems.
“DCJ cyber security staff were quick to act on potential threats posed by the Anglicare cyber-attack,” A government spokesperson said.
“DCJ took immediate protective action to ensure the cyber breach did not impact their systems.
“At this point Cyber Security NSW is not aware of any impacts on NSW Government systems or services from the Anglicare cyber-attack.”
A spokesperson for the Australian Cyber Security Centre (ACSC) said the centre was “aware of a cyber security incident involving Anglicare” and had “engaged with” the charity about the incident.
In its recent Cyber Threat Report the ACSC named ransomware as the “highest threat” in Australia’s cyber landscape because it is low cost, requires minimal technical nous, and can severely disrupt a business’ operations.
Anglicare said in its statement that there was “no current evidence” of stolen data. Yet in the next sentence Anglicare said it “identified 17GB of data transmission to a remote location”.
Data exfiltration has become a feature of ransomware attacks recently with hackers seeking to use stolen data as extra leverage to bargain for ransom.
The potential for data theft put Anglicare on the defensive when NewsCorp’s The Daily Telegraph ran a headline claiming the attack saw “sensitive child data stolen”.
“The main system relating to Anglicare Sydney’s Out of Home Care program, which includes the Foster Care program, was not impacted,” Anglicare said.
“We are concerned that these any inaccuracies and misleading reporting can cause unnecessary harm and distress to some of the most vulnerable people in our care.”
The not-for-profit said it has strengthened its cybersecurity following the incident.