Allegations surfaced against a National Disability Insurance Agency (NDIA) employee accused of sharing approximately 11,000 “records” with at least one service provider linked to the program, as confirmed by Government Services Minister Bill Shorten during a Canberra interview.
Shorten, refraining from specifying the exact number of affected participants, indicated that the leaked records encompassed a larger count than individuals impacted. He emphasized that the actual number of affected participants was smaller than the disclosed 11,000 records.
Addressing the nature of the breach, Shorten highlighted that this incident did not constitute a cyber breach but rather an instance of insider threat within the agency. He underscored that the unauthorized data sharing was not a prolonged activity.
While seeking further clarification from an NDIA spokesperson, iTnews uncovered that the disclosed information included participants’ full names, dates of birth, genders, addresses (including postcodes), and, in a limited number of cases, additional details.
Two individuals, including the implicated NDIA staffer and an associate of a service provider, have been arrested and charged in connection with the breach, which the agency believes to have a financial motive. NDIA assured direct communication with all affected individuals in response to the incident.