The work details of 30,000 Victorian public servants have been stolen in a data breach, after part of the Victorian Government directory was downloaded by an unknown party.
The list is available to government employees and contains work emails, job titles and work phone numbers.
Employees affected by the breach were told in an email their mobile phone numbers may have also been accessed if they had been entered into the directory.
“Because of this incident you may experience increased phishing, spam and social engineering attempts via your work email address and telephone numbers,” the email read.
“As always, you should be aware of these risks and remain vigilant when it comes to unsolicited communications via email and telephone.”
Staff were told no banking or financial information was affected in the breach.
Suelette Dreyfus, a researcher in cybersecurity and privacy at University of Melbourne, said while it did not appear highly personal or sensitive information had been stolen, the dataset as a whole could be useful for a more targeted attack.
“If you take even small snippets of information and you aggregate them into a dataset, you can then get an image of the entire State Government because you know all the different people, their positions, their phone numbers … and you can figure out where the power centre is and who you would target if you were going to try to hack someone’s email,” Dr Dreyfus said.
She said the dataset could be valuable to anyone trying to influence government decision making.
“Whether that’s for commercial reasons about winning a contract or whether you were an international state player who might have an interest – financial or policy wise – all of these types of people could be advantaged by the information that was actually hacked,” she said.
The Premier’s Department said it had referred the breach to police, the Australian Cyber Security Centre and the Office of the Victorian Information Commissioner for investigation.
“The Government will ensure any learnings from the investigation are put in place to better protect against breaches like this in the future,” a spokesperson for the department said in a statement.