Members may be aware of recent media reports of a significant data breach resulting in personal information relating to emergency services personnel circulating on the 'dark web'.
After preliminary investigations we can advise members of the following:
- CFA has confirmed that there has been NO breach of CFA systems
- The data breach appears to be limited to a small subset of members and is limited to data that is shared with the wider sector regarding members who perform Incident Management roles
- The data suggests the information includes volunteers and staff from CFA, MFB, VicPol and DELWP
- The information appears limited to name, rank, Brigade/Work Location, gender and member ID. CFA has confirmed that the data does not include any medical information
- The majority of CFA members who have had their data shared have been contacted. Work continues to reach anyone by phone who does not have a current email address
- Due to the multi agency aspect of the breach, the Department of Premier and Cabinet is coordinating Government response. The matter has been referred to Victoria Police who are being supported by IDCARE who is the National identity and cyber support service
CFA has advised that it is working with partner agencies to ensure data security is heightened to reduce the potential for any breaches. We will continue to monitor and advise of any updates as they become available.
