❓ A WA parliamentary question reveals cybersecurity breaches within the Department of Fire and Emergency Services (DFES) in 2018 and 2019, primarily involving email account compromises due to phishing. No breaches were reported in 2017.
AnsweredQoN 6321Legislative Assembly
QuestionView source ↗
I refer to each Department, Agency and Government Trading Enterprise within the Minister’s portfolio of Emergency Services, and I ask: (a) Were there any cybersecurity breaches to agency computer systems or servers in 2017; (b) If yes to (a), for each breach: (i) When did the breach occur; (ii) What entity was responsible for each breach and what was their suspected purpose; (iii) What information was compromised; and (iv) How did the breach occur and what action has been taken to stop a recurrence of this breach; (c) Were there any cybersecurity breaches to agency computer systems or servers in 2018; (d) If yes to (c), for each breach: (i) When did the breach occur; (ii) What entity was responsible for each breach and what was their suspected purpose; (iii) What information was compromised; and (iv) How did the breach occur and what action has been taken to stop a recurrence of this breach; (e) Were there any cybersecurity breaches to agency computer systems or servers in 2019; and (f) If yes to (e), for each breach: (i) When did the breach occur; (ii) What entity was responsible for each breach and what was their suspected purpose; (iii) What information was compromised; and (iv) How did the breach occur and what action has been taken to stop a recurrence of this breach?
AnswerView source ↗
Answered
12 August 2020
Responded by
Minister for Emergency Services; Corrective Services
Response time
2 days
For the purpose of this response, DFES defines a security breach as a successful attempt by an attacker to gain unauthorised access to an organisation’s computer systems.
(a) In 2017 no known security breaches occurred to agency computer systems or servers.
(b)(i) - (iv) Not applicable.
(c) In 2018 four known security breaches occurred to agency computer systems or servers:
(d - f) The State Government takes seriously any security breach or compromise of Agency data. DFES has implemented numerous cyber security enhancements consistent with the State Government’s strengthening of cybersecurity, ICT performance and data sharing following the security breaches and continues to work towards improving cyber security capability. Since mid-2018 DFES has implemented an ongoing program of works to identify and mitigate risks to the confidentiality, integrity and availability of DFES information and systems.
In 2018 four known security breaches occurred to agency computer systems or servers.
Breach 1 – Email compromise
8 October 2018
ii. Unknown
iii. Email account credentials for one account
iv. Suspect the user entered credentials into phishing website causing automated entry to their mailbox, resulting in spam/phishing emails being sent from a DFES mailbox. The user account credentials were reset.
Breach 2 – Email compromise
9 October 2018
ii. Unknown
iii. Email account credentials for one account
iv. Suspect the user entered credentials into phishing website causing automated entry to their mailbox, resulting in spam/phishing emails being sent from a DFES mailbox. The user account credentials were reset.
Breach 3 – Email compromise
25 October 2018
ii. Unknown
iii. Email account credentials for one account
iv. Suspect the user entered credentials into phishing website causing automated entry to their mailbox, resulting in spam/phishing emails being sent from a DFES mailbox. The user account credentials were reset.
Breach 4 – Email compromise
10 December 2018
ii. Unknown
iii. Email account credentials for one account
iv. Suspect the user entered credentials into phishing website causing automated entry to their mailbox, resulting in spam/phishing emails being sent from a DFES mailbox. The user account credentials were reset.
In 2019 five known security breaches occurred to agency computer systems or servers.
Breach 1 – Email compromise
9 January 2019
ii. Unknown
iii. Email account credentials for one account
iv. Suspect the user entered credentials into phishing website causing automated entry to their mailbox, resulting in spam/phishing emails being sent from a DFES mailbox. The user account credentials were reset.
Breach 2 - Email compromise
19 May 2019
ii. Unknown
iii. Email account credentials for one account
iv. Suspect the user entered credentials into phishing website causing automated entry to their mailbox, resulting in spam/phishing emails being sent from a DFES mailbox. The user account credentials were reset.
Breach 3 - Email compromise
5 July 2019
ii. Unknown
iii. Email account credentials for one account
iv. Suspect the user entered credentials into phishing website causing automated entry to their mailbox, resulting in spam/phishing emails being sent from a DFES mailbox. The user account credentials were reset, Multi-Factor Authentication (MFA) applied and credentials breach was reported through the Office of Digital Government Incident Reporting Portal.
Breach 4: - Email compromise
14 August 2019
ii. Unknown
iii. Email account credentials for three accounts
iv. Suspect the user entered credentials into phishing website causing automated entry to their mailbox, resulting in spam/phishing emails being sent from a DFES mailbox. The affected user account credentials were reset, Multi-Factor Authentication (MFA) applied and credentials breach was reported through the Office of Digital Government Incident Reporting Portal.
Breach 5: - Email compromise
21 August 2019
ii. Unknown
iii. Email account credentials for two accounts
iv. Suspect the user entered credentials into phishing website causing automated entry to their mailbox, resulting in spam/phishing emails being sent from a DFES mailbox. The affected user account credentials were reset, Multi-Factor Authentication (MFA) applied and credentials breach was reported through the Office of Digital Government Incident Reporting Portal.
(a) In 2017 no known security breaches occurred to agency computer systems or servers.
(b)(i) - (iv) Not applicable.
(c) In 2018 four known security breaches occurred to agency computer systems or servers:
(d - f) The State Government takes seriously any security breach or compromise of Agency data. DFES has implemented numerous cyber security enhancements consistent with the State Government’s strengthening of cybersecurity, ICT performance and data sharing following the security breaches and continues to work towards improving cyber security capability. Since mid-2018 DFES has implemented an ongoing program of works to identify and mitigate risks to the confidentiality, integrity and availability of DFES information and systems.
In 2018 four known security breaches occurred to agency computer systems or servers.
Breach 1 – Email compromise
8 October 2018
ii. Unknown
iii. Email account credentials for one account
iv. Suspect the user entered credentials into phishing website causing automated entry to their mailbox, resulting in spam/phishing emails being sent from a DFES mailbox. The user account credentials were reset.
Breach 2 – Email compromise
9 October 2018
ii. Unknown
iii. Email account credentials for one account
iv. Suspect the user entered credentials into phishing website causing automated entry to their mailbox, resulting in spam/phishing emails being sent from a DFES mailbox. The user account credentials were reset.
Breach 3 – Email compromise
25 October 2018
ii. Unknown
iii. Email account credentials for one account
iv. Suspect the user entered credentials into phishing website causing automated entry to their mailbox, resulting in spam/phishing emails being sent from a DFES mailbox. The user account credentials were reset.
Breach 4 – Email compromise
10 December 2018
ii. Unknown
iii. Email account credentials for one account
iv. Suspect the user entered credentials into phishing website causing automated entry to their mailbox, resulting in spam/phishing emails being sent from a DFES mailbox. The user account credentials were reset.
In 2019 five known security breaches occurred to agency computer systems or servers.
Breach 1 – Email compromise
9 January 2019
ii. Unknown
iii. Email account credentials for one account
iv. Suspect the user entered credentials into phishing website causing automated entry to their mailbox, resulting in spam/phishing emails being sent from a DFES mailbox. The user account credentials were reset.
Breach 2 - Email compromise
19 May 2019
ii. Unknown
iii. Email account credentials for one account
iv. Suspect the user entered credentials into phishing website causing automated entry to their mailbox, resulting in spam/phishing emails being sent from a DFES mailbox. The user account credentials were reset.
Breach 3 - Email compromise
5 July 2019
ii. Unknown
iii. Email account credentials for one account
iv. Suspect the user entered credentials into phishing website causing automated entry to their mailbox, resulting in spam/phishing emails being sent from a DFES mailbox. The user account credentials were reset, Multi-Factor Authentication (MFA) applied and credentials breach was reported through the Office of Digital Government Incident Reporting Portal.
Breach 4: - Email compromise
14 August 2019
ii. Unknown
iii. Email account credentials for three accounts
iv. Suspect the user entered credentials into phishing website causing automated entry to their mailbox, resulting in spam/phishing emails being sent from a DFES mailbox. The affected user account credentials were reset, Multi-Factor Authentication (MFA) applied and credentials breach was reported through the Office of Digital Government Incident Reporting Portal.
Breach 5: - Email compromise
21 August 2019
ii. Unknown
iii. Email account credentials for two accounts
iv. Suspect the user entered credentials into phishing website causing automated entry to their mailbox, resulting in spam/phishing emails being sent from a DFES mailbox. The affected user account credentials were reset, Multi-Factor Authentication (MFA) applied and credentials breach was reported through the Office of Digital Government Incident Reporting Portal.
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.