https://www.9news.com.au/national/thousands-of-court-files-leaked-nsw-department-communities-and-justice/4b885e18-b3a8-4b0d-9a6e-2f70ca511a1c
https://www.police.nsw.gov.au/news/news?sq_content_src=%2BdXJsPWh0dHBzJTNBJTJGJTJGZWJpenByZC5wb2xpY2UubnN3Lmdvdi5hdSUyRm1lZGlhJTJGMTE3NTg0Lmh0bWwmYWxsPTE%3D
Cybercriminals Target NSW Online Registry, Stealing Data That Could Endanger Domestic Violence Victims
Australian authorities have launched an investigation into a serious cyber attack on the New South Wales Online Registry website (ORW), which has resulted in the theft of approximately 9,000 sensitive legal files. The breach, discovered on Tuesday, has prompted immediate action from cybercrime detectives and the Department of Communities and Justice (DCJ).
Among the compromised data are affidavits and apprehended violence orders (AVOs), which are restraining orders designed to protect victims of domestic violence, child abuse, assault, harassment, stalking, and sexual assault. Security experts are particularly concerned about the theft of these documents, as they contain names and addresses of both victims and alleged offenders, potentially putting vulnerable individuals at risk if released publicly.
“I’ve been advised by the Department of Communities and Justice about a significant cyber breach affecting the NSW Online Registry Website,” said Michael Daley, NSW’s attorney general, in a press statement. “The NSW government is taking this incident seriously. I am assured that DCJ is working with Cyber Security NSW and the NSW Police to ensure the ongoing integrity of the system.”
Law enforcement officials have begun contacting individuals they believe may be affected by the breach. They have also urged anyone concerned about their data being compromised to file a report through ReportCyber, Australia’s official cybercrime reporting service.
The incident raises serious concerns about potential extortion, as the stolen AVOs would provide cybercriminals with powerful leverage against victims who may pay to prevent the public release of sensitive information about their cases. The full extent of the data theft is still being determined as the investigation continues.
This breach follows a similar incident in Victoria’s court system just a year ago, where a suspected ransomware attack resulted in the theft of various audio-visual files from the network, with compromised data spanning from 2016 to late 2023.
While officials described the ORW as “a secure online platform,” the successful exfiltration of thousands of sensitive legal documents raises questions about the effectiveness of cybersecurity measures protecting Australia’s judicial information systems.