Australia’s Fire Rescue Victoria has disclosed a data breach caused by a December cyberattack that is now claimed by the Vice Society ransomware gang.
Fire Rescue Victoria (FRVP) is a fire and rescue service operating across 85 stations in the Australian state of Victoria that has approximately 4,500 operational and corporate employees.
The cyberattack on FRV occurred on December 15, 2022, and despite the widespread and ongoing IT outages it has caused, the agency’s emergency response services have not been impacted.
“The incident affected a number of our internal servers, including our email system,” explains FRV in an announcement on its site.
“While we continue to experience a widespread IT outage as a result of the attack, community safety has not been compromised, and we continue to dispatch crews and appliances through mobile phones, pagers, and radio.” – FRV.
In addition to disrupting the agency’s IT system, the hackers have also stolen data from FRV’s computers, including information about current and former employees, contractors, secondees, and job applicants.
The agency notified the Office of the Australian Information Commissioner about the incident on January 6, 2023, disclosing the preliminary results of its ongoing internal investigation.
According to parts of the notice that were made public, the hackers have stolen the following information on FRV staff and applicants:
Address (current and previous)
Email address (current and previous)
Phone number (current and previous)
Date of birth
Sensitive information such as information about sexual orientation, race, disability, religion, qualifications, employment history, criminal history, and political or religious views.
Bank account details (BSB, account name, and number)
Government-issued identity information
Driver’s license details
Tax File numbers
Birth, death, and marriage certificates
In addition to the above, because the hackers accessed the agency’s email system, which remains offline, they may also have accessed or stolen sensitive email communications.
FRV is warning all employees and everyone else who previously applied for a job to be vigilant against targeted phishing emails or SMS texts.
Furthermore, the organization recommends that staff reset their passwords and enable MFA to protect their accounts further. If staff use their FRV password on other sites, they should also reset them.
Attack claimed by Vice Society Ransomware
This data breach notifications comes after the Vice Society ransomware gang claimed to be behind the attack on Fire Rescue Victoria and indicated they would start leaking stolen data.
On January 10th, an entry for Fire Rescue Victoria appeared on Vice Ransomware’s Tor data leak site, with a link to allegedly stolen data.
However, this link currently does not work, granting the fire rescue organization a likely unintended reprieve from their data becoming public.
While some ransomware operations have policies against targeting emergency services and healthcare entities, Vice Society tends to attack any entity they can breach.
These victims include various industries, including the education, healthcare, and local government sectors.
The ransomware operation launched in January 2021, when they began utilizing other ransomware gang’s malware as part of their attacks, including BlackCat, QuantumLocker, Zeppelin, a Vice Society-branded variant of Zeppelin ransomware, and Hello Kitty encryptors.
More recently, the threat actors have switched to a new custom encryptor that researchers have dubbed ‘PolyVice.’