VBA Plumbing Audit Data Incident
Monday, 24 December 2018
The Victorian Building Authority advises that plumbing audit data relating to Victorian plumbing practitioners and VBA plumbing inspectors was temporarily exposed on the unsecured server of a third-party supplier.
The data was accessible for a 17-day period from 26 November to 12 December 2018.
The unsecured data contained the names of practitioners and inspectors, their telephone contact numbers, site addresses and details of rectification order numbers. An independent assessment by IDCARE has advised that it has rated the risk of identity misuse because of this data exposure as very low .
The data does not include any bank account or credit card details. No financial data of any kind is involved.
VBA IT systems have not been breached.
What action is the VBA taking?
The VBA takes privacy and information security very seriously and has mobilised a Cyber Security Incident Response Team to ensure that any impacts are minimised.
The VBA’s initial priority was to secure the affected data. The VBA confirms that the data can no longer be accessed without authorisation.
The VBA launched a full investigation into the incident and sought advice from IDCARE, Australia and New Zealand’s expert identity and cyber support service, to assess the direct risk of identity misuse related to this incident.
The VBA has engaged cyber security experts to assist with its investigation and undertake a review of information security practices.
The VBA notified the Office of the Victorian Information Commissioner of this incident on 13 December 2018. The VBA takes privacy and information security very seriously.
The VBA’s commitment to you
The VBA unreservedly apologises for this data exposure incident and would like to reassure all plumbing practitioners that it is working to understand exactly who is affected.
The VBA will publish an update on this incident on its website.
In the meantime, if you have any concerns regarding this incident, please call the VBA Plumbing Audit Data Incident Support Line on 1800 957 443. The line will be operating 24 hours a day, 7 days a week.
What can I do to protect my personal information online?
An incident such as this is a timely reminder that we all need to be vigilant when it comes to unsolicited communications via telephone and email. As always, this includes looking out for potential spam emails and suspicious phone calls that might attempt to gather personal information from you.
You can find additional guidance on how to protect your identity and respond to identity concerns by reading the Office of the Australian Information Commissioner’s data breach guidance for individuals and visiting IDCARE’s Learning Centre.
If you are concerned about your privacy, please contact the Office of the Victorian Information Commissioner by calling 1300 006 842 or emailing firstname.lastname@example.org.