A WA parliamentary question reveals cybersecurity breaches within the Department of Justice in 2017 and 2019, prompting security enhancements and investigations.

Answered
QoN 6317
Legislative Assembly
Asked: 25 June 2020
Portfolio: Emergency Services; Corrective Services

Question

I refer to each Department, Agency and Government Trading Enterprise within the Minister’s portfolio of Corrective Services, and I ask:
(a) Were there any cybersecurity breaches to agency computer systems or servers in 2017;
(b) If yes to (a), for each breach:
(i) When did the breach occur;
(ii) What entity was responsible for each breach and what was their suspected purpose;
(iii) What information was compromised; and
(iv) How did the breach occur and what action has been taken to stop a recurrence of this breach;
(c) Were there any cybersecurity breaches to agency computer systems or servers in 2018;
(d) If yes to (c), for each breach:
(i) When did the breach occur;
(ii) What entity was responsible for each breach and what was their suspected purpose;
(iii) What information was compromised; and
(iv) How did the breach occur and what action has been taken to stop a recurrence of this breach;
(e) Were there any cybersecurity breaches to agency computer systems or servers in 2019; and
(f) If yes to (e), for each breach:
(i) When did the breach occur;
(ii) What entity was responsible for each breach and what was their suspected purpose;
(iii) What information was compromised; and
(iv) How did the breach occur and what action has been taken to stop a recurrence of this breach?

Answer

Answered: 12 August 2020
Responded by: Minister for Emergency Services; Corrective Services
Response time: 2 days

(a) Yes.
(b)(i) 11th January 2017.
(ii) Unknown.
(iii) Unknown.
(iv) A user clicked on a link from a news website and was further instructed to contact a technician for IT support, which they did. The call was disconnected before the end of their conversation. The user immediately alerted the IT Department of the incident. IT reset the user's passwords, wiped and rebuilt the PC. To minimise the chances of recurrence, the Department of Justice conducted social engineering awareness raising exercises and undertook an internal social engineering audit.
(c) No.
(d) Not applicable.
(e) Yes.
(f)(i) 15th November 2019.
(ii) It was a phishing email. Unknown.
(iii) No.
(iv) The bank details of an employee were changed after Payroll received an email from an individual purporting to be a genuine employee of the Department. Once HR were alerted of the change, they immediately identified a security breach and the matter was reported to the fraud department of the employee’s bank and to the WA Police. To minimise the chances of recurrence, the Department of Justice:
