Victorian Ambulance suffers a data breach with personal data of 3,000 employees hacked
March 29, 2025
The Australian reports that Victorian Ambulance has suffered a data breach involving the personal and financial details of 3,000 employees. This data breach may have been caused by what has been described as a rogue employee. This is not a first for Ambulance Victoria. In 2023 it suffered a privacy breach, this time internal sharing of a personal information. In the 2023 privacy breach the “..documents have been accessed only a handful of times in the past six months.” An exercise in minimisation. On this occasion the breach was detected by systems by the employee on his or her last day of service. In 2019 I posted on a data breach involving NSW Ambulance Offices which resulted in a class action and settlement of $275,000.
Data breaches involving staff going rogue are a chronic problem and can be a difficult problem if there are not proper policies and systems in place. Some staff or soon to be ex staff are motivated by malice, others by greed and some by curiosity. It is important to have programs in place that detect suspicious activity, like massive copying or exfiltration. It is also important to have a data breach response plan, involving roles for members of the organisation. There also needs to be a plan to take court action if necessary. It is common to seek injunctive relief against ex staff or consultants who make off with data. That is not as an alternative to contacting police but complementing such action.
One question the regulators will no doubt ask is Read the rest of this entry »