Call Us: (02) 4979 1120
Follow Us:

CatholicCare Social Services Hunter-Manning impacted by CTARS data breach

27 May 2022

CatholicCare Social Services Hunter-Manning (‘CatholicCare’) has been impacted by a cyberattack on CTARS, the provider used by CatholicCare to store information, including contact and personal details, about clients.  

It is estimated around 90 organisations across Australia have been impacted by the data breach at CTARS.

CatholicCare takes the safety and privacy of our clients seriously and are advising those people potentially impacted by the cyberattack so they can take appropriate measures and access the relevant support services at this early stage. 

CatholicCare is working with CTARS to understand the extent of the breach and the impact on client data.

Additionally, CatholicCare has engaged independent expert forensic specialists and an active investigation is underway to investigate and identify risks to information.

CatholicCare will provide further communication and support to those affected.

An email address has been set up for any questions and to provide support to any people CatholicCare is unable to contact.  If you think you may be affected, or know someone who may be affected, by this incident but have not received notification, please email CTARSdatabreach@catholiccare.org.au and someone will be in touch.

 

Frequently Asked Questions at 27 May 2022

What is CTARS and how does it involve CatholicCare?

CTARS is a provider of client management systems and operational service solutions for NDIS, disability services, out of home care and childrens’ services.  The data held by CTARS was compromised in a sophisticated cyberattack in May 2022.

CatholicCare is one of more than 90 CTARS clients Australia-wide that sustained data breaches as a result.

When advised of the breach, CatholicCare responded quickly, immediately ceasing use of the system.

 

How do you know if you have been affected?

You will be contacted by CatholicCare Social Services directly. 

CatholicCare is undertaking a detailed and thorough process to identify clients that may be impacted as a result of the cyberattack.  This complex work is an ongoing and time-consuming process.   

If your contact details have changed since you last contacted or worked with CatholicCare, you can email CTARSdatabreach@catholiccare.org.au for more information. 

 

What information has been taken and has it been used?

CTARS has been unable to confirm exactly what information was affected however, it is likely that different types of information, including contact and personal information, and in some cases, health-related personal information were compromised in the cyberattack. 

So far, investigations have not revealed that the captured information has been misused however, it is too early to confirm and further forensic investigations and monitoring are underway.  Updates will be provided.

CTARS has engaged an external cybersecurity and forensic specialist team who have been working to contain the event, implemented additional security measures and investigate the breach.

 

Who can people contact for support?

Support is available to any individual affected by the data breach.

CatholicCare clients can contact their usual case worker for more information. 

Expert and specialist advice is being provided by IDCARE free to affected clients and more information, including a reference number, can be provided by your case worker.  IDCARE can assist in the provision of practical steps to protect personal information.

Questions or concerns can be directed by email to CTARSdatabreach@catholiccare.org.au for more information. 

 

Steps to protect your personal information

Regardless of whether you have been affected by this data breach, the following steps can help to protect personal information:

  • Remain vigilant and monitor accounts.
  • Never respond to unsolicited phone calls, emails or text messages.
  • Scammers impersonate other organisations to convince people to take action. If you aren’t sure, do your own research and make contact using publicly listed contact details for the organisation.
  • Wherever possible implement multi-factor authentication for online accounts.
  • Ensure you have anti-virus software on all of your online devices.

For more easy steps to stay secure, visit the Australian Cyber Security Centre.

Search