Cyber Incident Update
12 November 2024
We are writing to provide an update on the recent cyber incident that has affected The Burger Centre.
These FAQs explain what happened, what we are doing about it, and the steps you can take to protect yourself. We encourage you to read this information carefully to understand what it may mean for you and how The Burger Centre is supporting you.
We know how stressful these events are, and we are deeply sorry for the stress and concern we understand this may cause. We want to reassure you that we are committed to providing support where it is needed, particularly to those who are vulnerable within our community.
We thank our clients, our volunteers and employees, our community, the Australian Government, our state government partners and clinical partners for their understanding and continued support during this challenging time.
1. What happened?
On Monday 28 October The Burger Centre became aware that it had experienced a cyber incident affecting its systems and data. There is a risk that some of The Burger Centre’s data could be published on the ‘dark web’.
Since becoming aware of the incident, The Burger Centre has been working tirelessly with our cyber experts and partners to investigate the incident, identify what information has been impacted, and to ensure we can continue providing essential frontline services to our many clients, while protecting the security of the information we hold.
We have also been engaging with federal and state government authorities, including the Australian Cyber Security Centre, the Australian Federal Police, NSW Police, the National Office of Cyber Security, and the Office of the Australian Information Commissioner.
Our priority has been to try to minimise the impact on our clients, our donors and other stakeholders and our people, and to remediate and restore our systems for safe use.
If you have any specific concerns, please email us at hello@jewishcare.com.au or (from 13 November 2024) call us on our dedicated support line by dialing 1300 133 670.
2. How will I know if I have been impacted by this incident?
We have already notified certain individuals whose data we have confirmed has been unlawfully accessed and stolen and who we have identified as being at sufficient risk as a result of the incident.
However, our investigation is ongoing and we are still working to identify precisely what (and whose) other information may have been impacted as part of the incident.
If you have received a notification directly from us, please refer to that notification which contains information specific to you as to what personal information may have been impacted.
Please always check the sender of any communications purporting to be from The Burger Centre. We will never demand money from you. If you receive any communications or other activity purporting to be from The Burger Centre which causes you concern, please let us know immediately by contacting us at hello@jewishcare.com.au or 1300 133 670.
3. What types of personal information were impacted?
The types of personal information that may have been impacted depend on your relationship with The Burger Centre.
Our clients (current and former)
- date of birth;
- contact details (eg phone number, email address, residential and/or postal address);
- financial information, including credit card details, bank account details, and credit card statements;
- identity documents / government identifiers, including driver licence, passport, Medicare card scans and/or numbers;
- photos;
- family relationship information, including next-of-kin details;
- wills;
- health and medical information, including medical history, Medicare details, care plan, client assessments, provider assessments, and do-not-resuscitate plan;
- other information exchanged between you (or your representatives) and The Burger Centre, including funding information, allocation letters, on-call logs, service instructions provided to The Burger Centre, consent forms, and service level agreements;
- incident reports;
- domestic violence family orders and other court orders;
Our donors (current and former)
- donor ID;
- contact details (eg phone number, email address, residential and/or postal address);
- history of payments and/or donations made to The Burger Centre;
- payment details provided to The Burger Centre; and
- information you have shared with us when communicating with members of our team (for example personal experiences or stories, and/or health information, either about you or your loved ones).
Our staff (current and former)
- date of birth;
- contact details (eg phone number, email address, residential and/or postal address) and emergency contact information;
- information you provided to us in the course of your employment onboarding (including identity documents / government identifiers, including driver licence, passport, Medicare card scans and/or numbers and background check information and relevant Visa details);
- employee-specific information (including timesheets and payslips, payroll details, bank account details, superannuation details, TFN, PAYG information, employment contract including remuneration and salary package details);
- information in your employee file (including your Centrelink details, expense reimbursements, details in relation to absences, illness and performance, and other employment records);
- child support information; and
- working with children checks, NDIS Worker Checks and criminal checks;
Our volunteers (current and former)
- date of birth;
- contact details (eg phone number, email address, residential and/or postal address) and emergency contact information;
- information you provided to us in the course of your volunteer onboarding (including identity documents / government identifiers, including driver licence, passport, Medicare card scans and/or numbers and background check information and relevant Visa details); and
- information in your volunteer file (including your Centrelink details, expense reimbursements, details in relation to absences, illness and performance, and other employment records);
- working with children checks, NDIS Worker Checks and criminal checks;
Our suppliers (current and former)
- contact details (eg phone number, email address, residential and/or postal address);
- payment details, including bank account information;
- summarised invoice descriptions; and
- certificates of currency.
4. What can I do to protect myself?
If you ever feel that your physical safety is at risk, you should contact the police. If you feel that your mental health and safety is at risk, you should contact your doctor or a support service or your family or friends.
We recommend that you familiarise yourself with guidance on protecting yourself from scams. Remember that scammers may use information they already know about you in order to appear trustworthy. For example, a scammer could use medical information to seek to defraud your private health insurer or Medicare. A scammer could also use information about donation history to request donations from you. The Burger Centre will typically engage with you through our regular newsletters, phone calls and appeals. We have not updated our bank account details.
The Australian Scamwatch initiative offers guidance here. IDCARE also provides support and advice on identity and cyber matters (see fact sheets on credit reports and credit bans) and you can request individual support here. See also recent OAIC guidance here.
If you have concerns about any government-issued identity documents that you may have provided to The Burger Centre (eg Driver licence, passport, Medicare card, Visa etc), you can contact the agency that issued that document for advice, or IDMatch which provides free state and territory specific guidance via call or email to help you protect your government identity, accounts and devices.
We encourage you to be vigilant to any emails, calls or texts from unknown or suspicious senders (including any that appear to be from any of our team members).
We also recommend that you review your bank and credit card account statements regularly for any suspicious activity. If you notice activity that is unusual or suspicious, please contact your bank or credit card issuer immediately, and to verify any payments made to us please contact us at hello@jewishcare.com.au or call us at 1300 133 670.
In addition to the above, we recommend that our elderly clients contact OPAN or the Seniors Rights Service for free and confidential advocacy support. These services can help any answer any questions relating to the aged care support you receive.
Additional precautionary measures
We also encourage you to consider additional precautionary measures such as:
- Monitoring for suspicious activity on any of your online accounts.
- As a general good practice, please remember never to share sensitive personal details like passwords over email or phone calls even if they appear legitimate.
- Avoid clicking on any links or opening any emails that appear to come from us or are from any unknown senders.
- Use unique passwords and change your existing passwords to strong passwords that you have not used for other accounts and enable multi-factor authentication for all accounts.
- Carefully scrutinise any donation requests or financial documents that appear to be sent from The Burger Centre and contact us directly using the details on our website to verify the communication. Please escalate any concerns or suspicious activities relating to your engagement with us, immediately to us by phone or email at hello@jewishcare.com.au or 1300 133 670.
- If you have provided us with any health information, inform your health insurance provider of this incident and remain alert to any calls or emails claiming to be from your health insurance provider.
- If you have provided us with your bank account or credit card details, change your banking or credit card PIN number and request that your bank monitor your accounts for any suspicious activity, such as unauthorised transactions or log-in attempts. Stay on the look out for any scam messages that may quote your BPay number or other payment details to you. Contact your bank directly if concerned.
- Request your credit report from Equifax, Illion or Experian and check it for any unauthorised loans or applications.
Please note if you receive a notification from The Burger Centre, your notification will include additional information about what to do in relation to the specific types of personal information that may have been impacted.
5. What has The Burger Centre done to respond to the incident?
Since becoming aware of the incident, The Burger Centre has been working tirelessly with our cyber experts and partners to investigate the incident, identify what information has been impacted, and to ensure we can continue providing essential frontline services to our many clients, while protecting the security of the information we hold.
We have also been engaging with federal and state government authorities, including the Australian Cyber Security Centre, the Australian Federal Police, NSW Police, the National Office of Cyber Security, and the Office of the Australian Information Commissioner.
Our priority has been to try to minimise the impact on our clients, our donors and other stakeholders and our people, and to remediate and restore our systems for safe use.
We have established a dedicated support line 1300 133 670 (which will be available from 13 November 2024), as well as a dedicated email address hello@jewishcare.com.au that you can use if you have any specific concerns.
We are also working with experts to enhance the security of our systems.
6. Was this a targeted attack on the Jewish community?
At this stage there is nothing to suggest this is a targeted attack on the Jewish community but we are continuing to engage with relevant agencies and law enforcement in connection with this matter.
For any enquiries contact hello@jewishcare.com.au or call us on 1300 133 670.
Recent Comments