Peter A Clarke

Courts have long been a target of cyber attacks. There was a data breach at the Australian Federal Court in 2020, revealing names of refugee applicants. In January 2024 the Victorian Court Services were hacked. That involved the recordings of hearings dating as far back as 2016. In January 2021 the United States Courts announced that it was putting in place extra safeguards to protect records in light of previous data breaches. In July 2022 the United States the House Judiciary Committee investigated data breaches involving the U.S. Fedeal Court dating back to early 2020. The latest data breach involves the New South Wales court website. The Government confirms about 9,000 court files, including domestic violence orders were accessed in a data breach.

As is usual in Australia the initial information provided is vague, to put it kindly. It appears that credentials were used, either by a hacker/other acquiring those credentials or a person within the Department misusing his or her credentials.  While the account holder gained unlawful access to the system the obvious question is the adequacy of the controls protecting the information.  Was there a separate password, available to only those with specific  clearance, required to access that information?  Why wasn’t there notification to IT of a person without authorisation accessing the information?  How the breach was detected is not clear.  The ABC reports that the breach was only detected later during a routine maintenance when technicians noticed some data had changed. News reports that the breach was identified during a “security check” after some data had changed.  Different backgrounding going on.  Even more curious is what happened to the data.  “Accessed” is a general term with a meaning ranging from have the ability to open documents to actually opening those documents to exfiltrating those files. It seems likely that the processes operating at the New South Wales Department of Justice were deficient.

The ABC report of the data breach provides:

The news.com report provides:

Cybercrime detectives are investigating the breach involving the Department of Communities and Justice (DCJ) that was identified on Tuesday.

Officers attached to the State Crime Command’s cybercrime squad have been called in to investigate.

NSW Police on Wednesday said the breach occurred on the state’s Online Registry website, a secure online platform that provides access to information involved in both civil and criminal cases across the NSW court system.

The breach has affected the online public registry that people use to upload documents to the system.

“Cybercrime detectives commenced an investigation under Strike Force Pardey and are working closely with DCJ in order to contain the breach after approximately 9000 sensitive court files, including apprehended violence orders and affidavits, were downloaded,” police said in a statement.

“Investigations remain ongoing to establish the full extent of the breach.

“Anyone who thinks their details may have been compromised, always make sure to make a report through ReportCyber.”

NSW Attorney-General Michael Daley said it would take about a week to identify what happened with the files and what data the hacker viewed.

“What we don’t know yet is which files were actually accessed and what the hacker did with them, whether he or she just viewed them or downloaded and shared them,” Mr Daley said at a press conference on Thursday.

“A briefing that I had with the police this morning, they said it’ll be about a week before they know exactly what has happened with those files and the exact nature of the data that was viewed by the hacker.”

Acting Superintendent Jason Smith confirmed that data containing information about apprehended violence orders and the details of minors could have “potentially’ been accessed in the breach.

When asked about whether this meant potential victims of domestic violence had to wait a week to get certainty about their protection, he said “that’s correct”.

“I guess what I would say to people is if you have concerns about your safety as a result of this data breach you should contact your local police station,” Superintendent Smith said.

“Additionally, if you believe that your identity documents have been compromised as a result of any data breach, you can reach out to ID Support NSW who will provide you assistance in remediating your identity documents.”

The DCJ will contact affected account holders and advise them of what happened and next steps once those affected are identified.

Mr Daley said the breach didn’t necessarily mean the documents had been copied, downloaded or shared, but it “just means the file might have been opened”.

“We don’t know what they’ve done with the data yet, we just know that there’s 9000 files that appear somehow to have been accessed,” he said.

“Importantly, the experts have been looking through the dark web and employing other techniques they use to work out what may have happened with the data, and I can advise that as of this morning my advice is that no data that was on the justice link network has appeared in the public domain – not on the dark web or anywhere else.”

Mr Daley said the breach was identified during a security check of the justice link system last week when it was “detected that some data within that system had changed”.

“Upon further examination they worked out that an account holder within the justice link system had gained an unlawful entry into that system. They had accessed 9,000 files,” Mr Daley said.

DCJ cyber experts then moved to shut down the user’s account and “rectify the vulnerability”, Mr Daley said.

“As soon as they did that the hack stopped,” he said.

“They worked out that this user had infiltrated a unit within the justice link system, not the whole system itself, with something called a python script.”

Mr Daley earlier said the government was taking the matter seriously.

“I’ve been advised by the Department of Communities and Justice about a significant cyber breach affecting the NSW Online Registry website,” he said.

“I am assured that DCJ is working with Cyber Security NSW and the NSW Police to ensure the ongoing integrity of the system.

“They are also working to urgently identify and contact affected users, and the public will be kept updated as more information becomes available.”

A spokesperson for DCJ said none of the compromised data had been shared publicly as a result of the breach.

“DCJ is working to urgently identify and contact affected users and will provide updates as more information becomes available,” they said

The Attorney General’s media release is ridiculously vague providing: