Fire Rescue Victoria in Australia has disclosed a data breach caused by a December cyberattack that is now claimed by the Vice Society ransomware gang.
Fire Rescue Victoria (FRV) is a fire and rescue service operating from 85 stations in the Australian state of Victoria and employing approximately 4,500 operational and corporate staff.
The FRV cyberattack occurred on December 15, 2022, and despite the widespread and ongoing computer outages it caused, the agency’s emergency response services were unaffected.
“The incident affected a number of our internal servers, including our email system,” FRV explains in an announcement on its site.
“While we continue to experience widespread IT outage following the attack, community safety has not been compromised and we continue to dispatch teams and devices via cellphones, pagers and radio.” – FRV.
In addition to disrupting the agency’s computer system, the hackers also stole data from FRV’s computers, including information on current and former employees, contractors, secondments, and job applicants.
The agency notified the Australian Information Commissioner’s Office of the incident on January 6, 2023, disclosing the preliminary results of its ongoing internal investigation.
According to the parts of the notice that have been made public, the hackers stole the following information about FRV staff and candidates:
- Full name
- Address (current and previous)
- Email address (current and previous)
- Phone number (current and previous)
- Date of birth
- Health information
- Sensitive information such as information about sexual orientation, race, disability, religion, qualifications, employment history, criminal history, and political or religious opinions
- Bank details (BSB, account name and number)
- Superannuation details
- Government-issued identity information
- Driving license details
- Passport information
- Tax file numbers
- Birth, death and marriage certificates
In addition to the above, since the hackers gained access to the agency’s email system, which remains offline, they may also have accessed or stolen sensitive email communications.
FRV warns all employees and anyone else who has ever applied for a job to be vigilant against targeted phishing emails or text messages.
Additionally, the organization recommends that staff reset their passwords and enable MFA to further protect their accounts. If staff use their FRV password on other sites, they must also reset it there.
Attack claimed by Vice Society Ransomware
This data breach notification comes after the Vice Society ransomware gang claimed to be behind the attack on Fire Rescue Victoria and indicated that they would start leaking stolen data.
On January 10, an entry for Fire Rescue Victoria appeared on Vice Society’s Tor data leak site, with a link to allegedly stolen data.
However, that link is currently not working, giving the fire rescue organization a likely unintentional reprieve from having its data published.
While some ransomware operations have policies against targeting emergency services and healthcare entities, Vice Society tends to attack any entity it can breach.
The ransomware operation launched in January 2021, when it started using malware from other ransomware gangs in its attacks, including BlackCat, QuantumLocker, Zeppelin, a Vice Society-branded variant of the Zeppelin ransomware, and the Hello Kitty encryptor.
More recently, the threat actors moved to a new custom encryptor, which researchers dubbed “PolyVice”.