In early 2021, Weave experienced two separate data breaches. In both breaches, when Weave became aware of the situation, Weave acted immediately to secure access to the compromised systems. Weave then engaged an external consultant to independently review the breaches and the circumstances surrounding them.
The first breach occurred on the Weave electronic client database. The kinds of information contained in the electronic client database included, but was not limited to: client case notes, case plans, copies of birth certificates, other forms of ID, copies of support letters for court, and housing applications. The breach involved the injection of software that hijacked some of the computers processing power in order to send out spam.
Weave has found NO EVIDENCE through its investigations that any client data was accessed or moved from the electronic client database platform.
To ensure greater security in our client database, Weave shut down the original electronic client database and replaced it with a highly secure Cloud based solution.
The second data breach involved a “brute force” attack on one of our external storage devices that contained a small amount of sensitive data. Examples of the kinds of information on this device were internal Weave budget information and support letters for housing and court. The breach came in the form of a Ransomware injection where a small amount of non-sensitive, non-critical data was encrypted on the device.
Weave has found NO EVIDENCE through its investigations that any sensitive data was accessed or moved from this storage device and Weave has taken all necessary steps to secure this device.
Steps that individuals can take
Weave understands that notifications of this nature may cause concern. If you are concerned or would like to understand more about what happened and how this might impact you, we encourage you to contact us directly in the first instance for clarification and assistance (see below for details).
Below are some other steps you can take in response to this notification.
- You can visit the Australian Cyber Security Centre for comprehensive resources on things you can do to stay safe online and improve your online security.
- You can get free legal advice from your local Community Legal Centre, Law Access (1300 888 529) or your local Legal Aid NSW office.
Support & Follow Up
If you have any question or concerns about this notification, or you want to know more about how to protect yourself, you can contact Weave and talk to our Privacy Officer who has been specifically briefed on this matter.
Our Privacy Officer can help you to further understand the situation, provide information on how Weave has secured our client data moving forward and provide you with further support.
See below for her contact details.
Andrea Hadaway
Weave Privacy Officer
0433 814 648
**Please contact Andrea during Business hours only (9am-5pm Monday to Friday)
This communication was authorised by:
Siobhan Bryson
CEO
Weave Youth and Community Services