Police have strong expectations and policies when it comes to personal data.
Following the breach reported from research company Gravitas we have been unable to get assurances that our information has been kept properly secure and we have begun a process of terminating our contract with them.
Early indications show that the hack, originating in Nigeria, was aimed at obtaining business billing information contained in emails. There is no financial information in the details Police provided to Gravitas.
Police Assistant Commissioner Jevon McSkimming said Police had been working hard to understand the potential impact since the breach was discovered two weeks ago.
Police provide Gravitas with a limited amount of information for the purposes of surveying. It is our expectation and understanding the information is destroyed after it is used. However we have been unable to confirm the scope of the information compromised.
We are confident any risk to people is low. Most information we provide to Gravitas is already in the public domain and consists of names, phone numbers and addresses. We also provide a short description for why a person has contacted us e.g. burglary, disturbance, lost property. More serious events are not included.
Gravitas is an approved All of Government provider. Staff at the research company are police vetted and we are confident there are no integrity issues with employees.
“However, we are very disappointed that a breach of this nature has taken place. We will continue to work with Gravitas to investigate the matter.
“We want to be clear that this is not an internal breach involving Police systems. However, we are reviewing our processes and practises around management of people’s information.
“We would also urge businesses to be aware of emails purporting to change bank account numbers, which may indicate that their systems may have been hacked.
Anyone who is concerned or has questions about the data breach can visit our website where Police have set up a page with questions and answers in relation to the incident.
Police is urging people to be vigilant and keep safe practices online.
• Be cautious about emails or phone calls asking you to update or verify your details online
• Be cautious of emails saying you’ve won prizes from competitions that you don’t remember entering
• Be cautious of emails that try to get you to act quickly by threatening you with legal action or loss of an account
• Ignore any emails asking you to provide personal information like passwords, or banking information
• Remember legitimate organisations like banks will never ask you to send them your password
• Only open email attachments when you’re expecting them, even if you know who the sender is. If you’re unsure if an email is from a legitimate organisation, you can contact them to ask. If you do contact them, make sure you go through their official contact channels – don’t use the phone numbers, websites or email addresses included in the email.
Issued by the Police Media Centre