Security

This article is more than 1 year old

Family Planning office warns customers private parts may be exposed

Contact form data left on server for more than TWO YEARS, then came ransomware

Mon 14 May 2018 // 03:59 UTC

The Australian State of New South Wales' reproductive and sexual health organisation Family Planning NSW has advised users of an April 2018 ransomware attack that may have compromised sensitive information.

The agency apparently retained web form messages on the public-facing server, meaning if its database was breached, attackers would have access to individuals' messages to Family Planning.

The organisation said it's contacting up to 8,000 clients to advise them of the April 26 event, and at the time of writing, its Website carried the message “Our website is getting a security update”.

The agency says it was one of several “targeted by these cyber criminals requesting a Bitcoin ransom on ANZAC Day^* [April 25th]”. The organisation's message says the site was “secured by 10am on April 26”, and “more sensitive medical records held internally were never under threat”.

Family Planning NSW says it has contacted the Australian Federal Police about the attack.

As writer Lauren Ingram pointed out on Twitter, even the contents of a contact form can contain sensitive information: “People contact Family Planning NSW for everything from contraception and advice on unplanned pregnancy/abortion, to cervical cancer screenings, STI tests, vasectomies and men’s sexual heath”, she noted.

Family Planning told The Register while there was a demand for ransom, “According to a security analysis by our webhost, they did not attempt to encrypt data let alone succeed.”

The attackers put a message on the site threatening to shut it down unless they were paid AU$15,000 in Bitcoin, CEO Ann Brassil told a press conference today.

The sensitivity of the information brings any potential breach under Australia's Notifiable Data Breaches Scheme, which launched in February 2018 (it's administered by the Office of the Australian Information Commissioner – there's an explainer here). ®

^* Australian and New Zealand's equivalent of the UK's Remembrance Day and the USA's Memorial Day.

Topics

Special Features

Vendor Voice

Resources

Security

Family Planning office warns customers private parts may be exposed

Contact form data left on server for more than TWO YEARS, then came ransomware

More about

More about

Narrower topics

Broader topics

More about

More about

More about

Narrower topics

Broader topics

TIP US OFF

Other stories you might like

Ransomware gang did steal residents' confidential data, UK city council admits

Nearly 3M people hit in Harvard Pilgrim healthcare data theft

Street newspaper appears to have Big Issue with Qilin ransomware gang

Protecting distributed branch office environments from ransomware

Microsoft confirms memory leak in March Windows Server security update

Yacht dealer to the stars attacked by Rhysida ransomware gang

JetBrains keeps mum on 26 'security problems' fixed after Rapid7 spat

INC Ransom claims responsibility for attack on NHS Scotland

JetBrains is still mad at Rapid7 for the ransomware attacks on its customers

Pandabuy confirms crooks nabbed data on 1.3M punters

Uncle Sam's had it up to here with 'unforgivable' SQL injection flaws

Stanford University failed to detect ransomware intruders for 4 months

About Us

Our Websites

Your Privacy