You are here

NDIS Data Breach - Tasmanians Affected

Cassy O'Connor MP  -  Thursday, 2 June 2022

Tags: Privacy, Out of Home Care, National Disability Insurance Scheme, Cybersecurity


Are you aware of the massive data breach of the NDIS client management scheme and out of home care providers which has led to the widespread publication of sensitive personal information, including an apparently enormous volume of medical records, names and addresses, Medicare and tax file numbers?

We are sure you will agree this is deeply worrying. The platform hit by this hack is delivered by Australian software providers CTARS, which provides client management databases. Has this matter been brought to your attention? Are you aware of any Tasmanians or local service providers who have been affected, their private information made public, as a result of this major data breach? And if so, how is government supporting those affected?



Mr Speaker, I thank the Leader of the Greens for her question. I am advised that the Department of Communities Tasmania was notified on 17 May of a cyber attack on CTARS, a client management system for one of their service providers. It subsequently became a data breach. I am advised that the Department of Communities has one contracted service provider affected by the CTARS data breach. Other states and territories have also been impacted by the data breach. It is currently not clear how many Tasmanian citizens are impacted by the breach. However, the department is working with suppliers involved to determine this.

The Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner has been notified and have engaged IDCARE to support victims of the data breach. Our Government will be assisting as required to provide support to any Tasmanians affected by the data breach.