PWDA urges people with disability to remain vigilant to suspicious activity in the wake of the HWL Ebsworth data breach, which impacted National Disability Insurance Scheme (NDIS) participants, prospective participants, their families and supports as well as NDIS staff earlier this year.
The data breach took place in April 2023, and affected HWL Ebsworth – a private law firm that provides legal services to government agencies, including the National Disability Insurance Agency (NDIA). In the last week, those affected by the breach have begun to be notified.
Responding to notifications of the breach, members of the PWDA community have expressed concern over the security of their private information.
On behalf of our members, PWDA spoke to the Office of the Minister for the NDIS Bill Shorten to discuss the steps that are being taken to address the breach, and we have confidence that the seriousness of the incident is being reflected in their response and actions.
"I have been assured the NDIA is taking this matter extremely seriously and are taking measures to protect participant data and information security," said Minister Shorten.
"While news of the breach is understandably distressing for anyone who interacts and shares their personal information with the NDIS, we are reassured that both the NDIS and the Department of Social Services (DSS) are doing everything they can to support those impacted, while also ensuring any risk of this happening again in the future is mitigated," said Nicole Lee, PWDA President.
The NDIA confirmed that all 600 people impacted by the cyber security event are being contacted via their preferred method of communication. "We are currently contacting participants who have been impacted to notify and support them – and we are carefully considering their preferred contact method and preference for accessibility of information," an NDIA spokesperson said in a statement to PWDA.
The DSS has also confirmed that the NDIA's systems have not been compromised.
The NDIA is taking additional precautions to protect potentially impacted individuals, actively monitoring plans and account transactions for any unusual or suspicious activity.
The Agency is encouraging anyone who is concerned their data has been accessed to call the them on 1300 216 807. You can also take the following precautions:
- Stay alert to increased scam activity, particularly email and SMS or telephone phishing scams. These scams look like they come from an organisation you know but are fake.
- Do not click on any suspicious links or provide your passwords or any personal information. Always refuse any unprompted request from an individual to access your computer even if they say they are from a credible organisation.
- Change your online account passwords. Always use strong passwords. The Australian Cyber Security Centre has guides on good password practices.
- Enable multi-factor authentication for your accounts where possible. This means using extra checks to prove your identity.
- Install up-to-date anti-virus software on any devices you use to access your online accounts.
- Monitor your bank account transactions and check your credit report to see if it has any unauthorised loans or applications.