We are writing to inform you of a recent data breach that may have affected your personal data. As an organisation, we are committed to protecting your privacy and complying with legislative requirements.
What happened?
VMIAC finance email was subject to unauthorised access by a third party via social engineering in an attempt to divert our government funding in early August 2024.
What we are doing
We immediately upgraded our IT systems and security upon discovering the breach and notified the relevant government authority.
What Information was affected?
Based on our investigation, we understand that personal information contained in the finance email could have been accessed.
This includes:
i. Personal information sent to finance email, including individuals’ names, addresses, phone numbers, bank details, TFN declarations, DOB, employment contracts, statements by suppliers, WWC, medical certificates, and employment forms.
What you can do
Some of the steps you may consider taking to protect yourself include:
Keep an eye on correspondence and ensure no payment details are changed without an over-the-phone verification
Be aware of emails and telephone calls from people requesting your details (especially things like your date of birth, residential address, email address, username or passwords, which are often used to verify your identity).
Change your account password. · Contact IDCare on 1300 432 273 or visit www.idcare.org, which can provide you with additional guidance on the steps you can take to protect yourself from identity fraud.
Contact the Australian Tax Office on 1800 467 033 or your superannuation fund so that they can consider placing additional monitoring and security protocols on your account.
Alert your financial institution so that they can implement additional monitoring and security protocols on your account.
Closely monitor your financial statements for unauthorised transactions. If you identify a transaction you didn’t make, report it immediately to your financial institution.
Change your online bank account password and banking PIN and enable multi-factor authentication if possible.
Contact Australia’s three credit reporting agencies (Equifax, illion and Experian) to confirm if your identity has been used to obtain credit without your knowledge or to request for a credit ban to be put in place.
Further information is available on the Office of the Victorian Information Commissioner’s website at www.ovic.vic.gov.au/privacy/for-the-public/data-breaches-and-you.
More information and making a complaint
If you have any concerns about what has happened or would like further information, you can contact:
Vrinda Edan
Vrinda.edan@vmiac.org.au
If you are not satisfied with how we have handled this incident or you have experienced some harm as a result, you can make a privacy complaint. You can do so by contacting us by email at vmiac@vmiac.org.au.
It would be helpful if you could explain how you have been affected by the breach and what you would like us to do to resolve your complaint.
If we cannot resolve your complaint, you can file a complaint to Office of the Australian Information Commissioner
https://www.oaic.gov.au/privacy/privacy-complaints
Yours sincerely,
Vrinda Edan
Chief Executive Officer