Australia’s internet domain administrator, auDA, is confirming the details of what appears to be a data breach.
AuDA first stated it was alerted to an alleged breach on Friday.
Yesterday, the organisation issued an expanded statement in which it said it had alerted the Australian Cyber Security Centre, the Department of Home Affairs, and the Office of the Australian Information Commissioner of the alleged breach.
AuDA also said it “began work with industry experts to investigate the claim”, and that the “cyber criminal has provided evidence of a small sample of data they say is in their possession.
It includes screenshots of a file list from a computer.
“Our investigation remains ongoing, including to verify the cyber criminal’s claims and the provenance of this data.”
Twitter account FalconFeedsio said it has viewed some of the data the attacker claims to have.
“They claim to have access to 15GB of [the] organisation’s data which includes powers of attorney & legal docs, passports, personal data, medical reports, loan repayment, death certificates, customer bank accounts details, etc.”
Senator James Paterson said on X, formerly Twitter, that “this would be a concerning breach if confirmed, given auDA’s important role administering domains for Australians.”