CTARS Consumer Data Notification
We are writing to inform you of a recent cyber-attack experienced by the cloud-based client management system provider, CTARS Pty Ltd (CTARS) engaged by Southern Cross Support Services (SCSS).
It is estimated around 90 organisations across Australia have been impacted by the data breach at CTARS.
CTARS has informed us that data containing personal information relating to our clients, carers, and their contacts has been accessed and was downloaded from its systems as a result of a cyber-attack. SCSS takes the safety and privacy of our clients seriously and are advising those people potentially impacted by the cyberattack so they can take appropriate measures and access the relevant support services. Unfortunately, some of your personal information was held in that database and therefore may have been impacted by this incident. We are working closely with CTARS who have engaged the services of a forensic investigator to identify the complex nature of the incident and to determine the extent of data access.
What should you do:
Steps to protect your personal information
Regardless of whether you have been affected by this data breach, the following steps can help to protect personal information:
- Remain vigilant and monitor accounts.
- Never respond to unsolicited phone calls, emails or text messages.
- Scammers impersonate other organisations to convince people to take action. If you are not sure, do your own research and make contact using publicly listed contact details for the organisation.
- Wherever possible implement multi-factor authentication for online accounts.
- Ensure you have anti-virus software on all of your online devices.
It is important that you understand the steps that you can take to reduce the potential impact on your personal information. To find out more about these steps please visit this page https://ctars.com.au/ctars-data-breach.
What support is available
CTARS have arranged free support from IDCARE, Australia’s national identity and cybersecurity community support service. Anyone affected by this incident, but particularly high risk and vulnerable persons, can engage an IDCARE Case Manager for free via IDCARE’s Get Help Web Form at: https://www.idcare.org/contact/get-help.
Alternatively, you may visit IDCARE’s Learning Centre for further information and resources on protecting your personal information https://www.idcare.org/learning-centre.
IDCARE’s services may be accessed by providing referral code CTR22 when completing its Get Help Web Form or calling 1800 595 160.
What is CTARS and how does it involve SCSS?
CTARS is a provider of client management systems and operational service solutions for NDIS, disability services, out of home care and children’s’ services. The data held by CTARS was compromised in a sophisticated cyberattack in May 2022. SCSS is one of more than 90 CTARS clients Australia-wide that sustained data breaches as a result.
What information has been taken and has it been used?
CTARS has been unable to confirm exactly what information was affected however, it is likely that different types of information, including contact and personal information, and in some cases, health-related personal information were compromised in the cyberattack.
So far, investigations have not revealed that the captured information has been misused however, it is too early to confirm and further forensic investigations and monitoring are underway.
CTARS has engaged an external cybersecurity and forensic specialist team who have been working to contain the event, implemented additional security measures and investigate the breach.
Chief Executive Officer
Southern Cross Support Services