Data Breach Update – Commencement of individual
notifications
We will
soon be commencing the process of direct communications with individuals
impacted by the February cyber-attack and data breach.
The
extraction and analysis of data that was released on the dark web has taken a
very significant effort working with external specialists. We have now
completed the work of identifying and prioritising this personal data.
Most
recently, this work has concentrated on collating contact details for any
individuals affected. A process and IT solution for issuing notifications to
affected individuals is being finalised and we expect communications with
individuals to commence before the end of December 2023, on a priority basis.
We continue
to liaise with the Data Protection Commissioner’s Office in relation to our
compliance and data subject notification obligations in this regard and more
generally.
In
addition, from the outset we have had a expert service engaged in the
monitoring of the dark and surface (normal) web and any attempts to access or
further disseminate the data. We are now conducting that monitoring using an
internal system which complies with industry standards.