“Although we cannot confirm the details of all the data in the time available, to be extra careful we are treating any information held in our database as being compromised,” the company has said.
“This data includes documents containing personal information relating to our customers and their clients and carers.” CTARS said it holds personal information of clients, staff carers, and third party suppliers. “Due to the very large volume of information held by CTARS and the very lengthy time it would take to review in detail, we are unable to confirm exactly what personal information of yours was affected by the incident,” it added. More forthcoming with the sort of information stored was Have I Been Pwned owner Troy Hunt, who has added the 12,000 impacted email address into the site. “This includes information such as suicide attempts. Mental health issues. Drug use (both prescription and illicit). Violent behaviour. Sexual abuse,” Hunt tweeted.
“This has been published to a hacking forum and accessed by an untold number of people. It’s horrendous.” Hunt added a significant number of the impacted people are care staff rather than NDIS clients. “It’s not clear how traceable patient data is back to individuals but at face value, it seems highly likely sensitive personal information can be matched to individuals. Given the sensitivity of the breach, I’d prefer to see CTARS / NDIS provide more commentary on that,” he said. CTARS dismissed the type of proposition put forward by Hunt, although it did state that “diagnoses, treatment, or recovery of a medical condition or disability” is the sort of information stored. “Health and other sensitive personal information by itself is generally not useful to a cyber-criminal,” the company claimed. “However, we acknowledge and understand that it may be upsetting to have your health or disability information accessed. We regret that this incident has taken place and sincerely apologise for any unease this may cause you. “If you are experiencing any distress, we recommend that you seek health advice from a registered health professional you know and trust.” IF YOU OR ANYONE YOU KNOW IN AUSTRALIA NEEDS HELP CONTACT ONE OF THESE SERVICES:

National Sexual Assault, Domestic Family Violence Counselling Service on 1800 737 732MensLine Australia on 1300 789 978Lifeline on 13 11 14Kids Helpline on 1800 551 800Beyond Blue on 1300 22 46 36Headspace on 1800 650 890In an emergency or if you’re not feeling safe, always call 000

Human Rights Commission asks NDIS to remember robo-debt in automation pushServices Australia testifies Cellebrite tech only used for fraud and identity theft casesAustralia’s NDIS goes live with first phase of digital transformation programNearly AU$250,000 spent per month on staff costs to develop NDIS appNDIS sidesteps blockchain in government kitchen sink debt-chasing appSenators concerned NDIS app will become another COVIDSafe million dollar ‘success’