A legacy to be proud of - thanks Bill Shorten
Posted on 17 Sep 2024
Love him or loath him, departing NDIS Minister Bill Shorten has been a solid supporter of the…
Posted on 03 Sep 2024
By Matthew Schulz, journalist, Institute of Community Directors Australia
One of Victoria’s oldest and largest charities is battling a major data hack in which an estimated 215 GB of data and nearly 420,000 files have been taken and likely published on the dark web.
Meli Community employs more than 750 staff from its Geelong base and is a Barwon region operator of kindergartens, foster care, family violence services, and school and youth help, as well as providing mental health, drug and alcohol, homelessness, financial assistance and NDIS services.
According to a recent financial statement, the organisation’s annual revenue to January 2024 was just over $49 million. Yet the cyberattack has forced it to resort to using paper-based and manual systems for some services.
The breach occurred in late July, just as the world was battling with the CrowdStrike IT meltdown. Late last month, the Qilin ransomware group began publishing Meli data on its dark web portal, posting multiple photographs of important financial documents and passport information.
Qilin claimed to have snatched 215 GB of data and 419,617 files from the charity.
In a statement on its website, Meli apologised to its clients and confirmed it was “currently investigating a cyber incident that has impacted our organisation”.
“As soon as we detected the incident, we took steps to secure our system. We also partnered with leading forensic specialists and cybersecurity advisors to investigate what has happened. Our investigation is ongoing.”
Meli said it was “urgently investigating the nature and extent of the published dataset”, after becoming aware of claims that the information had been published “by an unauthorised third party”.
The company has informed several authorities about the breach, including the Australian Cyber Security Centre (ACSC), Victoria Police, the Office of the Australian Information Commissioner (OAIC), the Office of the Victorian Information Commissioner, and state and federal government agencies.
“We will continue to cooperate with law enforcement and the relevant government agencies as required,” the company said in a statement.
Meli issued a string of recommendations about how clients and users of its services should protect their personal data, and also referred users to the Australian Cyber Security Centre website and the ACCC’s Scamwatch website.
The Community Advocate contacted Meli with several questions about the cyberattack, including whether the organisation had been asked for a ransom payment, what actions it had taken to prevent the release of any data on the dark web, more detail about the information taken and whether staff, volunteers and clients had been affected.
Through a public relations company, the organisation put out a statement which repeated most of the web statement but added: “Our important work supporting clients and the community remains our utmost priority. We thank our funders for their ongoing support and together we will continue our important role of supporting people and strengthening communities.”
Meli Community resulted from a merger of the former Barwon Child, Youth & Family (BCYF) and the Bethany Group about a year ago. Its name refers to meliorism, or the idea that the world can be improved through human effort.
The organisation has offices and kindergartens in Greater Geelong, on the Bellarine Peninsula, on the Surf Coast, and in Winchelsea, Colac, Bannockburn, Warrnambool and Horsham.
Bethany was first set up in 1868 as a women’s refuge, while BCYF began as Geelong’s first orphanage.
Qilin, sometimes known as Agenda, employs Russian-based code, and is a growing international threat, having previously targeted hospitals in London, the publishers of the Big Issue in the UK, and IT provider Dialog as well as the Victorian court system in Australia.
Infoxchange CEO David Spriggs said the incident served as just the latest warning to all not-for-profits to brace for such attacks.
“Cyber attacks are continuing to become more prevalent in the community sector, causing significant disruption and damage to the reputation and daily work of not-for-profits,” Mr Spriggs said.
He said Infoxchange's most recent Digital Technology in the Not-for-profit Sector Report had found many not-for-profits were missing basic cyber security protections, with only 20% providing cyber security awareness training for staff or having a plan to improve their cyber security “posture”.
“We advise organisations to ensure they are conducting regular cyber security audits, are implementing strong cyber security practices and educating both staff and volunteers on cyber risks and the critical steps to protect information.
“It is important to prepare for 'when' not 'if' scenarios."
And he repeated a call for the federal government to help the sector.
“We call again on the Australian government to appropriately fund capacity building for the charities and not-for-profit sector to help the sector better prevent these attacks and respond to increasing cyber security threats.”
He said organisations could visit Infoxchange's free Cyber Safe Hub for training for staff and volunteers, and use the guides to cyber security on its Digital Transformation Hub.
Posted on 17 Sep 2024
Love him or loath him, departing NDIS Minister Bill Shorten has been a solid supporter of the…
Posted on 17 Sep 2024
Every Australian student deserves access to a quality education, no matter where they live or their…
Posted on 17 Sep 2024
The crowded fundraising landscape means organisations trying to raise money for a good cause must…
Posted on 17 Sep 2024
Funding for local not-for-profit (NFP) and community groups that support areas affected by drought…
Posted on 17 Sep 2024
Eduardo Maher has seen first-hand the negative effects climate change has wrought on his community…
Posted on 17 Sep 2024
Many older Australians from migrant backgrounds are severely disadvantaged when it comes to…
Posted on 17 Sep 2024
Improving the sometimes-fraught relationship between the not-for-profit (NFP) sector and government…
Posted on 16 Sep 2024
Philanthropists are increasingly shooting for the moon in their efforts to make a lasting impact.
Posted on 16 Sep 2024
September 18 is Childhood Dementia Day. With many Australians unaware that thousands of children…
Posted on 12 Sep 2024
Fundraising experts say that better understanding donors’ attitudes to the community sector will go…
Posted on 12 Sep 2024
NFPs would be wise to consider innovative ways to diversify their income and the benefits of doing…
Posted on 12 Sep 2024
Small to medium not-for-profits have enjoyed a 5% donations spike compared to this time last year,…