More stories

    Hackers use Colonial pipeline ransomware news for phishing attack

    Cyberattackers are now using the notoriety of the Colonial Pipeline ransomware attack to leverage further phishing attacks, according to the findings of a cybersecurity company. It is common for attackers to use widely-covered news events to get people to click on malicious emails and links, and cybersecurity firm INKY said it recently received multiple helpdesk emails about curious emails their customers were receiving. INKY customers reported receiving emails that discuss the ransomware attack on Colonial Pipeline and ask them to download “ransomware system updates” in order to protect their organization from a similar fate. The malicious links take users to websites with convincing names — ms-sysupdate.com and selectivepatch.com — both of which are newly created and registered with NameCheap. The same domain that sent the emails also controlled the links, INKY explained in a blog post. 
    The people behind the attack were able to make the fake websites look even more convincing by designing them with the logo and images from the target company. A download button on the page downloads a “Cobalt Strike” file onto the user’s computer called “Ransomware_Update.exe.” In March, Red Canary’s 2021 Threat Detection Report listed “Cobalt Strike” as the second most frequently detected threat and the INKY report notes that Talos Intelligence found it was involved in 66% of all ransomware attacks in Q4 of 2020. Bukar Alibe, data analyst for INKY, said they began to see the phishing attack just a few weeks after news broke that the pipeline paid millions to the DarkSide ransomware group in order to restore the company’s systems.

    “In this environment, phishers tried to exploit people’s anxiety, offering them a software update that would ‘fix’ the problem via a highly targeted email that used design language that could plausibly be the recipient’s company’s own,” Alibe wrote. “All the recipient had to do was click the big blue button, and the malware would be injected.” In addition to capitalizing on the fear around ransomware, the attackers made the emails and fake website look like they came from the user’s own company, giving them an air of legitimacy, Alibe added. The attackers were also able to get past many phishing systems by using new domains.
    “If it looks as if it was sent by the company itself (e.g., from HR, IT or Finance), does it in fact originate from an email server under the company’s control? If it looks like the HR or IT Departments but deviates from the norm, that should be a flag,” the blog post said. Alibe urged IT teams to notify employees that they will “not be asked to download certain file types” because these kinds of phishing emails seek to exploit employees’ desire to do the right thing by following purported security guidelines. Alibe noted that the attack was targeted toward two companies and said IT teams should expect more attacks along the same lines. “We would not be surprised if we see attackers use the recent Nobelium-USAID phishing campaign as a lure,” Alibe said.

    King County ban on police use of facial recognition software spotlights local movements across US

    Facial recognition opponents rejoiced this week after the local government of King County, Washington voted to ban local police from using the technology. The move was notable for a number of reasons. The ACLU of Washington said in a statement that the new King County ban on police use of facial recognition software was the first in the country to be county-wide and cover multiple cities. Electronic Frontier Foundation senior staff attorney Adam Schwartz added that it was the most populous government body to institute a ban, with more than two million residents within its borders. The ban was also hailed among privacy advocates as a direct shot at Microsoft and Amazon, both of which have headquarters in King County’s biggest city: Seattle. “The movement to ban this tech is growing across the country. Even when 100% accurate, this technology ends up disproportionately harming marginalized communities. No technology should outweigh the people’s right to privacy,” the ACLU of Washington said in a statement. Last year, at the height of the protests over police brutality and racism, there was a movement in Congress around the idea that there should be legislation governing how and when police can use facial recognition software. Multiple studies from MIT, Harvard, the ACLU and other organizations have repeatedly proven that all facial recognition platforms have particular difficulty in distinguishing the faces of people with darker skin. In 2020, at least three cases emerged involving people of color who were detained and arrested based on mistakes made by a facial recognition software in use by a local police force. 
The Detroit Police Department was forced to apologize and change its policies after they erroneously arrested Robert Williams in front of his wife, children and neighbors based on a faulty match. Despite the national concern about how the technology functions, little has been done to stop police departments, airports, arena operators and other organizations from deploying facial recognition software widely. Multiple bills on the issue from both Republicans and Democrats have languished in the Senate and House.

    In place of federal action, dozens of cities, towns and counties have stepped up to the plate to pass local bans on police department use of the technology. Both the Electronic Frontier Foundation and advocacy group Fight For The Future have created maps showing the thousands of businesses and law enforcement bodies currently using some form of facial recognition. But Fight For The Future has also built out interactive maps showing every city and town that has instituted local bans on police use of the technology. Four governments in California — the city councils of Oakland, San Francisco, Alameda and Berkeley — have passed facial recognition bans while multiple cities and towns in Massachusetts have passed some form of legislation either banning or regulating the technology. There are also bans in Portland, Oregon; Jackson, Mississippi; Madison, Wisconsin; Minneapolis; New Orleans; Pittsburgh; and Portland, Maine. The only governments to pass statewide legislation banning or regulating facial recognition use by police are Vermont and Virginia. In May, Massachusetts passed a limited set of rules that force police to get a warrant before running someone’s photo through a facial recognition database. “The growing list of cities, counties, and states banning facial recognition shows just how toxic the tech, and just how powerful our movement, have become,” Caitlin Seeley George, campaign director for Fight For The Future, told ZDNet.

    “More communities are coming together to fight this racist, biased tech, and bans are gaining momentum in Baltimore, MD, New York City, and even Nebraska. All of these efforts are critical to protecting people now, and are also building momentum and support for a federal ban on facial recognition that would protect everyone from this technology.” She added that private companies are also shying away from the technology, and a number of the larger retailers in the US have said they don’t use or plan to use facial recognition in their stores. The only city that has banned corporations from using facial recognition is Portland. Schwartz explained that there is growing public demand for government bans on the use of the technology and said the Electronic Frontier Foundation is optimistic that more states and cities will begin passing bans or regulations on it. While Schwartz said that the Electronic Frontier Foundation did not support bans on corporate use of facial recognition software, he noted that one of the easiest first steps local communities can take is forcing police departments to at least obtain warrants before being able to put photos through a facial recognition system. “Those false arrests are physically dangerous to people and the technology is racially discriminatory because of the disparate error rates with the technology. It is an Orwellian invasion of privacy because of all of the cameras that are out in public and the increasing integration of those cameras into one big network,” Schwartz said. “Facial recognition chills and deters people from showing up to protests in public places because they’re worried about face recognition spying on them and making a record of their dissent. People at protests have been identified by the police and people who are fully innocent have been misidentified.”

    Ransomware: Ireland's health service remains 'significantly' disrupted weeks after attack

    Ireland’s health service is still suffering from significant disruption more than three weeks after falling victim to a ransomware attack. The Health Service Executive (HSE), which is responsible for healthcare and social services across Ireland, shut down all of its IT systems following the attack last month.

    Many of these systems were shut down as a “precaution” in order to stop the spread of the ransomware, which HSE described as a variant of Conti ransomware. The health service vowed not to pay the ransom – which has been reported as a demand for $20 million in Bitcoin – and Dublin’s High Court issued an injunction against Conti in an effort to prevent the criminals leaking stolen data for not being paid. HSE has been providing regular updates following the cyberattack and as of 3 June – three weeks after the initial incident – services around Ireland continue to see what’s described as “significant impacts and disruptions to services”. Essential and urgent services, including COVID-19 vaccinations, are operating, but patients are still being warned they could face delays and cancellations to appointments because “systems are not functioning as usual” due to “critical IT systems” still being out of action.

    Services like blood tests and diagnostics are taking much longer to operate than usual because the ongoing fallout means doctors, nurses and other staff are relying on manual processes in the meantime. According to HSE, this is expected to continue for “a number of weeks” as efforts are made to safely deploy a decryption tool to restore the 2,000 IT systems – each consisting of infrastructure, multiple servers and devices – affected by the ransomware, based on clinical priority. Despite the attempt at an injunction, HSE has warned the public that criminals could attempt to exploit the confusion and worry around the safety of their medical data to scam and defraud people. “People receiving any suspicious calls, texts or other contacts seeking personal or banking details are advised to report these contacts to their local Garda station or the Garda confidential line 1800 666111,” said an HSE statement. The HSE incident is just one of a string of high-profile ransomware attacks to have hit organisations around the world in recent weeks.
Colonial Pipeline, which supplies almost half of fuel to the United States eastern seaboard, was hit by a ransomware attack and paid cyber criminals using Darkside ransomware over $4 million in Bitcoin in exchange for the decryption key. Meat processor JBS was recently hit with a ransomware attack by the REvil criminal group, while Fujifilm has also fallen victim to a ransomware attack in recent days. The rise in ransomware attacks has led to the White House urging organisations to take the threat posed by cyber criminals seriously. “All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” said Anne Neuberger, deputy assistant to the president and deputy national security advisor for cyber and emerging technology. “Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat.”

    Perfect storm: Fraud is skyrocketing coming out of pandemic

    A financial crime monitoring platform has just announced the results of its latest financial crime report. The report from Feedzai analyzes 12B global transactions from January to March of this year in order to identify the latest fraud, banking, and consumer trends.

    The top line results are … dispiriting. Bank fraud attacks have increased 159% over the past year and phone banking fraud has seen a 728% increase. Over 90% of fraud attacks occurred online, and California, where I live, won the unwelcome distinction as the top state for fraud. Take that, New York. The jumps follow a post-pandemic logic. Coming out of lockdown, people are starting to spend more money locally and internationally. The time covered by the report saw a 410% increase in international transactions. Transaction volumes are increasing back to pre-pandemic levels, and fraud has followed close behind. At the same time, an increased reliance on digital services during the pandemic has placed consumers more at risk for online and phone fraud, particularly among consumers who previously preferred to shop in stores and may be less digitally savvy. “The world may have paused in 2020, but financial criminals did not,” says Jaime Ferreira, Senior Director of Global Data Science at Feedzai. “Reliance on digital forms of shopping, banking, and payments actually made it easier for fraudsters to attack more people, more quickly. As fewer consumers feel the need to walk into a bank branch or a mall we need to adapt financial services and payments to protect consumers. And as consumers, we need to continue to be vigilant and educate ourselves on how to stay safe.”

    According to the report, banking is the primary channel for fraudsters, whether online, in-person, or by phone. I recently listed an item on Craigslist and was met with a barrage of scams, some obvious, some rather elegant, all directed at perpetrating some form of rip-off, including attempting to access my bank account. With many bank branches closed or operating during limited hours during the pandemic, banking has shifted primarily online and over the phone, the perfect sandboxes for cheats. Following California, the states with the highest fraud were Florida, Washington, Arkansas, and New York. Interestingly, Android devices see 1.9 times more fraud than iOS devices, despite having only half the transaction volume of iOS. The report suggests Apple’s tighter control of apps on the App Store makes it more difficult for fraudsters to infiltrate the platform.

    All of this speaks to a need for greater vigilance than ever, which may be a tough message to sell as parts of the world that believe the worst of the pandemic is behind them cast a collective sigh of relief and shake off the dust heading into summer. The Feedzai Financial Crime Report Q2 2021 can be found in its entirety here.

    Chrome 91 will warn users when installing untrusted extensions

    Google is expanding its Enhanced Safe Browsing feature in Chrome 91 to protect users when they’re installing a new extension from the Chrome Web Store. Chrome will start displaying a new dialogue warning users to proceed with caution if an extension is not trusted by Enhanced Safe Browsing. 

    Google rolled out Enhanced Safe Browsing last year as an opt-in protection against phishing and malware sites, to catch instances where it missed detecting these sites before users visited them. The feature used Chrome to share more security data with the service to check dodgy URLs in real time to determine whether a site is a phishing site. Now Google is using Enhanced Safe Browsing to improve its management of developers who publish extensions to the Chrome Web Store. This could create obstacles for extension developers who are new to the Chrome Web Store, as it will take a few months of abiding by Google’s policies to be considered trusted. “Any extensions built by a developer who follows the Chrome Web Store Developer Program Policies, will be considered trusted by Enhanced Safe Browsing. For new developers, it will take at least a few months of respecting these conditions to become trusted,” Badr Salmi from Google Safe Browsing and Varun Khaneja from Chrome Security explain in a blogpost. “Eventually, we strive for all developers with compliant extensions to reach this status upon meeting these criteria. Today, this represents nearly 75% of all extensions in the Chrome Web Store and we expect this number to keep growing as new developers become trusted.”

    The new framework for trusted developers follows Google’s year-long effort to clean up the Chrome Web Store from scammy and phishing extensions. Even after a crackdown last August, millions of users installed 28 malicious extensions. Chrome users can opt into Enhanced Safe Browsing by going to Settings and clicking through Privacy and Security settings > Security > and then checking ‘Enhanced protection’ mode under Safe Browsing. Users should note that this does allow the service to share data that’s temporarily linked to a Google account if the user is signed into Chrome. But Google claims that Chrome users who do enable Enhanced Safe Browsing are successfully phished 35% less than other users, so there may be a good security reason to enable it. Google is also bolstering download protection in Enhanced Safe Browsing to improve protections when downloading potentially risky files from the web. Users will get a warning when it detects a suspicious file and suggests the user sends it to be scanned for further analysis. A first check is run through the standard Google Safe Browsing services. If you choose to send the file, Chrome will upload it to Google Safe Browsing, which will scan it using its static and dynamic analysis classifiers in real time. After a short wait, if Safe Browsing determines the file is unsafe, Chrome will display a warning. As always, you can bypass the warning and open the file without scanning. Uploaded files are deleted from Safe Browsing a short time after scanning.

    Best identity theft protection & monitoring service 2021

    With more of our personal information being sent and stored via the internet, fraud and identity theft continue to rise. There are plenty of great options available for reasonable prices that can help to protect your identity, personal information, and credit score.

    Middle-of-the-road option in terms of price

    Pricing: Individual plans ranging from $7.50 to $25 per month and family plans from $12.50 to $33.33 per month.

    While perhaps a bit lacking in its monitoring services, Aura’s Identity Guard is one of the most comprehensive in identity theft protection. Using an IBM Watson artificial intelligence program, Identity Guard scans the dark web for personal information such as social security numbers or banking information. This level of protection is the best available, but credit monitoring is not as robust. Identity Guard monitors three credit bureaus, but credit reports are only available once a year, and there is no opt-in for fraud alerts. This is a middle-of-the-road option in terms of price.

    Pros:

      • Anti-phishing mobile app.
      • Bank account and investment account monitoring.
      • Customer service is rated A+ with BBB.
      • IBM Watson artificial intelligence scanning program.
      • Identity theft insurance up to $1 million.
      • Monitors all three credit bureaus.
      • Offers safe browsing tools to protect online shopping, banking, or bill paying.
      • Reduces telemarketing calls, junk mail, and phishing emails.
      • Social insight reports.
      • Tax refund fraud alerts.
      • Three different plans provide flexibility.

    Cons:

      • Credit reports only once per year.
      • Does not offer a specific computer tool package.
      • No fraud alert with credit bureaus.
      • No “limited power of attorney” for recovery services.
      • No money-back guarantee.
      • Pricey mid-tier and upper-tier plans.
      • Single bureau credit score.

    Decent basic and cheaper option

    Pricing: Ranging between $9.99 and $17.99 per month for individual plans. Identity Force also offers custom family plans and enterprise plans to businesses.

    Depending on which option you choose, Identity Force can either be very high on this list or very low. The basic and cheaper option is decent in terms of identity theft protection, but its credit monitoring feature doesn’t offer reports, scores, or a broad monitoring scope. However, the more expensive plan is excellent and could reach the best on this list. This is one of the more pricey options, but an annual subscription and family plan would help to lower the overall price.

    Pros:

      • Access to credit report fraud assistance.
      • Credit freeze button.
      • Credit score simulator with the higher plan.
      • Customer service is rated A+ with BBB.
      • Dark web monitoring.
      • Identity theft insurance up to $1 million.
      • Junk mail opt-out.
      • Offers a VPN.
      • Quarterly credit reports.
      • Social media identity monitoring is in the basic plan.
      • Two-factor authentication.
      • Two months free on annual plans.

    Cons:

      • Above-average price.
      • Best features are limited to a more expensive plan.
      • You can’t contact customer support through the iOS app.
      • Information like IP address, web beacons, and browser fingerprinting is collected during the registration.
      • The lower tier plan doesn’t offer credit monitoring for all three bureaus.
      • No refunds for cancelling the service.
      • Only two plan options.
      • Subpar mobile app.

    Best way to cover a large family

    Pricing: Individual plans range from $13.95 to $17.95 a month. The family plan ranges from $19.95 to $32.95 and is where the real value lies.

    If you are looking for the best way to cover a large family, this is probably the best option. By offering coverage for 10 people in their family plan, IDShield has the best family plan. Individual plans lack computer protections such as VPN or anti-virus software. For families, there’s no better option.

    Pros:

      • Alerts you whenever sex offenders move to your area.
      • Bank accounts monitored.
      • Customer service rated as A+ with BBB.
      • The family plan is available for up to 10 people.
      • Identity theft insurance up to $5 million.
      • Monitors all three credit bureaus with 12-month credit score tracking.
      • Offers additional educational resources.
      • Quarterly credit reports.
      • Will assign a private investigator to help restore a stolen identity.

    Cons:

      • Above average price for individual plans.
      • Alerts must be activated to receive them.
      • Confusing setup.
      • Limited plan levels and options.
      • No computer protections.
      • No credit reports.
      • No credit simulation.
      • No 401(k) or retirement account monitoring.
      • No VPN or anti-virus software.
      • Single bureau credit score.

    LifeLock’s identity fraud protections are among the very best

    Pricing: Basic plans start at $8.99 a month and provide “good enough” internet security, but the best protection comes with the more expensive plans that cap out at $34.99 per month.

    It can be pretty hard to beat Norton when it comes to internet security, but LifeLock is an excellent alternative. LifeLock’s identity fraud protections are among the very best. LifeLock’s identity theft insurance is some of the best on the market, but credit monitoring is among the worst on this list. Most egregiously, LifeLock doesn’t have a family plan. Instead, each child must have their own junior plan, which is about $5.99 extra per child every month.

    Pros:

      • All plans provide identity theft insurance.
      • Constant dark web scans for personal data.
      • Includes VPN.
      • Insurance includes stolen funds reimbursement and personal expense compensation.
      • Norton 360 software is available with some plans, excellent protection against viruses, spyware, and malware for up to five different devices.
      • Real-time fraud alerts are available by text, phone, and email.
      • 60-day money-back guarantee with the annual plan.
      • Three different plans available: Standard, Advantage, and Ultimate Plus.
      • Tracks social security number.
      • Up to $1 million for lawyers and experts, $25,000 to $1 million for stolen funds and personal expense compensation.

    Cons:

      • Above average price.
      • Coverage for children is an additional $5.99 for each child per month.
      • Credit file can only be locked with one bureau, not all three.
      • Must meet credit requirement to be eligible for credit protection and monitoring.
      • No credit simulator.
      • No family plan offered with LifeLock. Must purchase an additional junior plan for children.
      • The standard plan comes with less identity theft insurance.
      • The standard plan lacks alerts such as bank account and credit card activity.
      • Standard and Advantage plans only monitor one credit bureau.

    There are better options available

    Pricing: The plans range in price from $9.99 to $24.99 monthly, so if you are only looking for very certain coverage, you could find a good one for cheap.

    PrivacyGuard essentially offers an identity theft protection plan, a credit reporting plan, and a plan that includes both. So in that way, it’s good for giving you exactly what you want, but some of the plan options severely lack what some may consider crucial features. However, there are better options available on this list for a similar price when it comes to comprehensive coverage.

    Pros:

      • All three credit bureaus monitored with some plans.
      • Antivirus software.
      • Customer service rating of A+ with BBB.
      • Monthly blended credit reports are available with some plans.
      • New users can try any plan for two weeks for just $1.
      • Three different options are available with different options.
      • Up to $1 million identity theft insurance with some plans.

    Cons:

      • No bank account monitoring.
      • No family plans offered.
      • Social network monitoring not provided.
      • Some plans have glaring gaps in credit or identity monitoring on their own.

    What do identity theft protection services do?

    These services will monitor websites and various databases for any signs of your personal information such as social security number, driver’s license number, bank account number, credit card number, etc. If any of this information is found online anywhere, it could be used in many different ways to steal money from you. These protection services will typically alert you and inform you of what you should do to prevent any future issues or help you to recover from theft. 

    What are the signs of identity theft?

    The most common signs associated with identity theft are collection calls or credit reports related to accounts you didn’t open, unexpectedly being denied a loan or credit card, and bills for accounts you didn’t open. It can take a long time before you see evidence that your identity has been stolen, and when that evidence appears it can come quickly and as a surprise.

    What should I look for in an identity theft protection service?

    There are several things to check when searching for an identity theft protection service. Arguably the most important aspects when comparing one to another are: monitoring and how extensive it is, alerts and how quickly you will be notified of fraud attempts, and recovery, meaning how much insurance is offered along with any additional help and services.

    Which is the right service for you?

    Overall the best plan for protecting your identity and monitoring your credit as an individual is probably Identity Guard. While its credit monitoring is a little lacking, it comes through with its identity theft protection. However, if you are looking to cover your entire family, then you may want to look into IDShield, particularly if you have a large family that you want to protect. 

    Aussie businesses blame skills and internet speeds for limiting IT use in 2019-20

    The Australian Bureau of Statistics’ (ABS) latest Business Characteristics Survey (BCS) has revealed there were four main factors that prevented or limited businesses from using IT during the 2019-20 financial year. These factors were lack of skilled persons within the business, unsuitable internet speed, insufficient knowledge of IT, and uncertainty around the cost of IT and its benefits. It was the first time the annual survey questioned Australian businesses about this. Another first-time question that was introduced to the survey looked at what type of IT businesses used during the financial year. According to the survey, cloud technology was the most popular type of IT technology, which was used by 57% of all businesses, followed by cybersecurity software with 26%. Down at the bottom of that list were 3D printing and blockchain technology. In terms of cloud usage, 55% of all businesses reported using paid cloud computing in 2019-20, which is 13 percentage points higher than the 42% recorded in 2017-18. The use of paid cloud computing increased with each consecutive employment size category, ABS said, pointing out that 81% of businesses with 200 or more persons employed reported using this service. The survey also showed that 12% of innovation-active businesses — defined as “businesses that had undertaken any innovative activity” — reported using Internet of Things (IoT) technology compared to 3% of non innovation-active businesses. Similarly, 9% of innovation-active businesses said they used data analytics versus the 2% of non innovation-active businesses. Unsurprisingly, 95% of businesses with 200 or more persons employed were most likely to report using one or more form of IT.

    When the ABS surveyed businesses about cyber attacks, 8% saw a decline in the number of online security incidents and breaches during the full year, compared with 11% in 2017-18 and 16% in 2015-16. In 2019-20, 20% of all businesses reported having upgraded their cybersecurity software, standards, or protocols as part of their management practices. The ABS also took the opportunity to note that the BCS is currently undergoing a “redevelopment process” to “capture more detailed information on the two principal topics” of innovation and business use of IT. The redeveloped BCS innovation module will be a standalone survey, while the collection of business use of IT and other topics will be combined in another survey, both of which will run every two years and be conducted on alternating reference years, ABS said. The first innovation-focused collection will cover 2020-21, followed by the business use of IT survey in 2021-22.

    Minister apologises after NDIA shared details of a victim with her perpetrator

    The minister responsible for the National Disability Insurance Scheme Linda Reynolds has apologised after a breach was committed against a woman who had experienced domestic violence. It was reported Friday morning that the National Disability Insurance Agency (NDIA) gave the private details of the woman and her children to the perpetrator who was recently released from jail. As detailed during Senate Estimates, the information included the location of the children’s school and the names of professionals working with one of the children. “The first thing I’d say is I unreservedly apologise for that, it should not have happened,” Reynolds said. “I’ve asked the NDIA for a full report on that. My first priority, and the NDIA’s first priority, is the safety and the privacy of the woman and the family concerned, and then also to work out how this happened and to make sure that it doesn’t happen again.” Also offering an apology to the victim was NDIA CEO Martin Hoffman, who said the investigation into what happened was already underway. “I can confirm that alerts were properly placed on the CRM record of this participant, the child, with the mother, in terms of the contact arrangements that should be in place. I can also confirm that the father had properly been removed from the child representative field, which is a field that drives the automated mail out of plan materials,” he explained. “I can also confirm that the information supplied was not the actual address of the family, but … did include location details, basically the suburb, and other material.

    “I’ve asked for a very rapid and thorough review as to what happened in this case, given that the actions in the CRM of the alert and the removal of the father from the child representative field had been done at the appropriate time.”

    Hoffman said he was alerted to the breach on Wednesday; Reynolds said she became aware on Friday morning.

    NDIA officials were probed on how they became aware of the incident, specifically, if it was in response to a media enquiry.

    “I didn’t get it through that channel, there was one at the same time, but we also had it escalated through the national contact centre,” Hoffman said.

    Labor Senator Jenny McAllister quoted the victim as saying in the initial media report that her pleas to the NDIA “fell on deaf ears”, as she was asked to send an email after calling to report the incident. She asked Hoffman if he was satisfied with the actions of his agency in the aftermath.

    “I’m clearly not satisfied that the communication, through the mail out of plan materials, included information that should not have been provided to the father, absolutely,” he said.
    “I am satisfied that the agency has very actively engaged repeatedly with the mother and the family in terms of rapid plan variations, additional support, engagement with other agencies in Victoria, to ensure the coordination of support, be it housing or safety, etc.

    “That activity has been extensive and ongoing, and is continuing today.

    “All I know, is that we’re proceeding to, as I said, understand fully the systems issues here, noting, as I said, that the right alerts and the right removal from the child rep field were done at the appropriate time.”

    Hoffman also said the NDIA has “very clear” approaches in terms of the identification and approval requirements for people to gain access to information about participants and their plans, through both the national contact centre and in-branch.

    “This is a very complicated area, there are often disputes, claims and counterclaims are made, timing of receipt of court orders, intervention orders, etc goes to this,” he said. “But this is an area that we do have policy and process to try and maintain the security of that information.”

    The apology from Reynolds comes merely 24 hours after Minister for Families and Social Services Anne Ruston apologised to a survivor who had their personal information breached when the details of their application to the National Redress Scheme were uploaded directly to another person’s myGov account.

    IF YOU OR ANYONE YOU KNOW IN AUSTRALIA NEEDS HELP CONTACT ONE OF THESE SERVICES: Suicide Call Back Service on 1300 659 467; Lifeline on 13 11 14; Kids Helpline on 1800 551 800; MensLine Australia on 1300 789 978; Beyond Blue on 1300 22 46 36; Headspace on 1800 650 890; QLife on 1800 184 527.