Skip to main content

Update from Aged Care Royal Commission on cyber security incident

An investigation into the November 2020 cyber-security incident at the Aged Care Royal Commission's document management service provider, Law In Order, has concluded that 59 Royal Commission documents were impacted. However, there is no evidence that any sensitive personal information was accessed, published or misused in any way.

The Royal Commission has notified all parties affected by this data breach. The Office of the Australian Information Commissioner has also been advised. Law In Order has assured the Royal Commission that remedial action has been taken to both protect the security of the affected information and mitigate any further risk arising from the incident to members of the public and organisations involved in the Royal Commission’s work.

The cyber-security incident occurred on Sunday, 22 November 2020. At that time, Law In Order shut down a number of its key systems and commenced a complete forensic examination, in cooperation with the Australian Federal Police and the Australian Cyber Security Centre. The Royal Commission informed the public of the incident on 25 November 2020.

Law In Order has advised the Royal Commission that it has taken steps to prevent any further malicious activity, including implementing a range of security enhancements to its systems and networks. Royal Commission documents have been moved to new servers with additional security measures enforced.

The Office of the Royal Commission is confident that this incident was not a notifiable data breach under the Privacy Act 1988, and that there was no unauthorised access to sensitive personal information. However, the Office regrets that the incident has occurred, and acknowledges the concern of members of the public and organisations involved.

For individuals with queries and technical questions about this incident, Law In Order is available to answer you directly. Please contact cyber.response@lawinorder.com.

For general queries, please contact the Aged Care Royal Commission: acrcenquiries@royalcommission.gov.au.

For media enquiries: acrcmedia@royalcommission.gov.au.