Hackers accessed a limited amount of about information on 30,000 Australian government workers when a local directory was accessed and downloaded.
The partial directory contained work emails, job titles and work phone numbers and the person’s mobile phone number if it is part of the staffer’s profile, reported Australian ABC News. It is thought that the breach resulted from a successful phishing attack against an employee of the state of Victoria.
Victoria government officials have issued a warning on the hack which they said could lead to a higher level of email and phone-based phishing attacks.
There is also the possibility the personal data involved could be used as part of an influence campaign by either a commercial interest or nation-state, Suelette Dreyfus, a researcher in cyber-security and privacy at the University of Melbourne, told ABC.
"Whether that’s for commercial reasons about winning a contract or whether you were an international state player who might have an interest — financial or policy-wise — all of these types of people could be advantaged by the information that was actually hacked," she said.
No financial information was disclosed.
Australia recently passed legislation aimed at forcing tech companies to give police and intelligence agencies access to encrypted communications. The law would require backdoors to be built into encrypted messaging systems.