Recent business email compromise

Recent business email compromise

What happened?

Kimberley Community Legal Services (KCLS) recently identified a business email compromise (BEC) event, which may have resulted in unauthorised access to personal information contained in one KCLS mailbox.

On discovery, KCLS immediately engaged external experts to investigate and provide advice. Our experts advised that it is possible that some personal information was accessed, however they are unable to confirm whether this is the case.

On this basis we wanted to be proactive and transparent with our community, so individuals can take appropriate steps to mitigate any risks of harm.

If you have any questions about this event, please reach out to us at support@kcls.org.au so we can provide further information. We take the protection of personal information seriously and are committed to providing appropriate support.

What information may have been impacted?

The types of information identified in the mailbox differ for individuals, but generally include a combination of full name, basic personal and contact information (eg address, email, phone number or date of birth), health information and other sensitive information relating to clients, the community and services we provide (including referral forms, case notes and other correspondence relating to our services and the broader community).

What steps can individuals take to reduce risk?

We encourage our community to practice vigilance and look out for scams. Our experts have advised that scam activity is generally on the rise. In line with best practice to minimise the risk of scams, we recommend you take the below steps:

• remain alert to any suspicious emails and SMS or telephone communications that are disguised to look like they come from someone you know or trust;
• use complex passphrases and change passwords regularly on all accounts;
• enable multifactor authentication on accounts where available;
• be alert to phishing scams. Phishing scams are attempts by scammers to trick people into providing their personal information, including passwords, credit card numbers and/or sensitive personal information, often by creating a sense of urgency. These scams could target you through post, phone or email. To obtain further information about how to avoid scams at scamwatch.gov.au; and
• obtain further information about online safety, cyber security and helpful tips at cyber.gov.au.

 

Moving forward

While KCLS had strong security measures in place at the time of the BEC event, we are working with our experts to further enhance our security and reduce the risk of recurrence moving forward.

We apologise for any concern caused by this event.

Matt Panayi

KCLS CEO