Personally identifiable information accessed by third party
A data breach at the Scouts Victoria organization in Australia could have compromised the sensitive information of around 900 people.
Scouts Victoria provides an estimated 17,000 young people with a “skills for life” program run by 5,000 adult volunteers.
The cyber incident happened in late July and August 2020, when an unauthorized individual accessed employee email accounts.
It is thought that the security breach was the result of a successful phishing campaign.
Sensitive information including names, phone numbers, credit card information, ID documents including passport information and driver’s license details, and bank details were among the stolen data.
It isn’t clear whether the data belonged to the adult volunteers or the parents of children enrolled in the organization.
Scouts Victoria said it has notified the victims of the breach and has contacted relevant government authorities, including the Office of the Australian Information Commissioner (OAIC) and the Department of Human Resources.
“The forensic investigation and security review was extensive, and has now been completed,” a statement reads.
“The investigation found that correspondence relating to a number of individuals associated with Scouts Victoria is among the data potentially accessed by unauthorized third parties.
“We have contacted individuals who we know may have been directly affected by this incident and will continue to work with them to address their concerns.”