urlscan.io logo urlscan.io
SecurityTrails logo

ctars.com.au Open in urlscan Pro
198.49.23.144  Public Scan

Back to summary
Submitted URL: https://impactcare-org-dot-yamm-track.appspot.com/2ojBSHQyDV7Ou4_NjXBdK29BllEmcI5dt08zWRP0TD5fIViR0gQEYt2_eN0nS4WlAYi0KRkb-kXo7syUZYJT4o8sBWXg3_nm...
Effective URL: https://ctars.com.au/ctars-data-breach
Submission: On August 16 via manual from AU — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

Home
The CTARS Solution
Key Features
Technology
Implementation & Support
NDIS Client Management Software
Out of Home Care
About Us
Overview
Resources
Training
Blog
Log In
Contact Us
Home
The CTARS Solution
Key Features
Technology
Implementation & Support
NDIS Client Management Software
Out of Home Care
About Us
Overview
Resources
Training
Blog
Log In
Contact Us



IMPORTANT INFORMATION: CTARS DATA BREACH

On the evening of 15 May 2022, we (CTARS- a cloud based client management system
for NDIS and out of home care services) became aware that an unauthorised third
party had gained access to our systems. The third party has claimed it has taken
a large volume of data. On the morning of 21 May 2022, we became aware that a
sample of that data had been posted on a deep web forum.

Although we cannot confirm the details of all the data in the time available, to
be extra careful we are treating any information held in our database as being
compromised. This data includes documents containing personal information
relating to our customers and their clients and carers.

This webpage is only for people who have been contacted by their NDIS or OOHC
provider and informed that they may be impacted by this incident - not all NDIS
or OOHC participants have been impacted by this data breach.

We understand that this incident may raise concerns for you. In the information
below, we outline the particular types of personal information likely to be
involved, the steps we have taken to date and the steps that you can take to
reduce the potential impact on your personal information if you think you may
have been affected

On this page:

 * Who is CTARS?

 * What personal information was impacted?
   
   * For NDIS participants and service providers
   
   * For OOHC participants and carers

 * What has been done to date?

 * What can you do?
   
   * Further information
   
   * Contact IDCARE
   
   * Precautionary steps
     
     * For impacted contact information
     
     * For impacted identity information
     
     * For impacted health or other sensitive information
     
     * For Medicare or Pensioner Cards
     
     * Services Australia
     
     * For an impacted Tax File Number

 * What support is available for high-risk or vulnerable people?




WHO IS CTARS?

If you have not heard of CTARS before, we are a cloud based client management
system provider for NDIS, disability services, out of home care, and children’s
services.

Our customers are service providers and we hold personal information of their
clients, staff carers and other third party suppliers in our system.

We have contacted impacted providers who use our system. This page is only
relevant to people who have been contacted by those impacted NDIS or OOHC
providers and told that they are affected by this incident.




WHAT PERSONAL INFORMATION WAS IMPACTED?

Due to the very large volume of information held by CTARS and the very lengthy
time it would take to review in detail, we are unable to confirm exactly what
personal information of yours was affected by the incident.

Whilst you should consider the specific information held by your relevant
provider organisation, the following types of personal information were present
in the CTARS database:




FOR NDIS PARTICIPANTS AND PROVIDERS

For NDIS participants your care provider uses CTARS to record information about
you in order to ensure your care needs are met, your goals are achieved, and
your funding is managed. This means that personal, health and other sensitive
information about you is stored in CTARS and is accessible to your care provider
so that, alongside you, decisions about your care needs can be made. Your care
team may record information that is important to you so that there is a record
throughout your care journey.

In relation to NDIS Providers and other contacts, information may include your
contact details and other information relevant to the provision of care.

Your NDIS provider, who used CTARS's platform, may be able to assist in
confirming what personal information of yours was held by CTARS.




FOR OOHC PARTICIPANTS AND CARERS

For OOHC participants your care provider uses CTARS to record information about
you in order to ensure your care needs are met. This means that information
about you, including your personal, health and other sensitive information is
stored in CTARS and is accessible to your care provider so that, alongside you,
decisions about your care needs can be made. Your care team may record
information that is important to you so that there is a record throughout your
care journey.

In relation to OOHC carers and other contacts information may include your
contact details, and other information relevant to the provision of care,
including relevant legal checks and registrations.

Your care provider organisation may be able to assist in confirming what
personal information of yours was held by CTARS




WHAT HAS BEEN DONE TO DATE

CTARS has reported the incident to the Office of the Australian Information
Commissioner (OAIC) and the Australian Cyber Security Centre (ACSC).

An independent national identity and cyber support community service (IDCARE)
has been engaged, at our cost, to support you if you need assistance.

We have also engaged external cyber-security and forensic specialists who have
been working alongside our IT security team to help contain the event, implement
additional security measures and investigate the breach.




WHAT YOU CAN DO




CONTACT US IF YOU NEED MORE INFORMATION

If you would like further information about the data breach, a response team is
on hand to answer your questions. The response team can be contacted at
responseteam@ctars.com.au.

You may also wish to contact your relevant care provider organisation.

Further information on online safety, cyber security and helpful tips to protect
yourself and respond to scams, identity theft and other online risks, can be
found at the following government agency websites:

https://www.cyber.gov.au/acsc/view-all-content/threats

https://www.scamwatch.gov.au/

We take the privacy and protection of your personal information extremely
seriously and sincerely regret any impact this incident may have on you.




CONTACT IDCARE FOR INDIVIDUAL CASE MANAGEMENT AND ASSISTANCE

If you are concerned about the potential misuse of your personal information, we
have arranged free support from IDCARE, Australia’s national identity and
cybersecurity community support service.

Please engage an IDCARE Case Manager via IDCARE’s Get Help Web Form at
https://www.idcare.org/contact/get-help if you have broader identity security
concerns.

Alternatively you may visit IDCARE’s Learning Centre for further information and
resources on protecting your personal information
https://www.idcare.org/learning-centre.

IDCARE’s services may be accessed by providing referral code CTR22 when
completing its Get Help Web Form or calling 1800 595 160.




WHAT PRECAUTIONARY STEPS YOU CAN TAKE

IDCARE, Australia’s national identity and cybersecurity community support
service, can assist you with many of the precautionary actions we have set out
below.

Your provider may be able to assist in confirming what personal information of
yours was held by CTARS, this will help you determine which steps you may need
to take.



Contact information

Where a third party may have access to your contact information or the
information of someone in your care, it is important to:

 * be alert for any email, telephone, and text-based phishing scams; (i.e.,
   fraudulent communications disguised as if to look like they come from an
   organisation you trust) and, in particular any such scam activity purporting
   to come from your provider organisation or CTARS;

 * ensure you have up-to-date anti-virus software installed on any device you
   use to access online accounts;

 * change your online account passwords. The ACSC provides guidance around good
   password practice which can be accessed here:
   https://www.cyber.gov.au/acsc/view-all-content/publications/creating-strong-passphrases;
   and

 * enable multi-factor authentication for you online accounts where possible.



Identity Information

Unauthorised access to your identification (“ID”) does not affect its validity
and you are still able to use it for its intended purpose, and as a valid form
of proof of identity. However, this ID information provides credentials which
can be used, for example, to obtain a line of credit, or conduct other
fraudulent transactions.

As such, we recommend contacting the issuing authority to let them know that a
copy of your ID may have been accessed by an unauthorised third party, and
request that they put an alert or restriction on your file.

As an additional measure, you may wish to apply for a credit ban and credit
report. You can apply for a free annual credit report from all official credit
reporting agencies (CRAs).

You can also contact the below credit reporting bodies to apply for a temporary
credit ban to stop unauthorised access to your consumer credit file. This means
that credit reporting agencies are not able to give your information to any
credit providers for 21 days, unless you provide written consent for them to do
so, or if they are required by law.

Equifax:
https://www.equifax.com.au/personal/products/credit-and-identity-products

Illion: https://www.creditcheck.illion.com.au/

Experian: http://www.experian.com.au/consumer-reports

If you're still concerned about fraud towards the end of the ban period you can
request the credit reporting body to extend it.



Health or other sensitive information

Health information impacted by the incident could include details of the
diagnoses, treatment, or recovery of a medical condition or disability.

Other sensitive information may include details relating to OOHC.

Health and other sensitive personal information by itself is generally not
useful to a cyber-criminal.

However, we acknowledge and understand that it may be upsetting to have your
health or disability information accessed. We regret that this incident has
taken place and sincerely apologise for any unease this may cause you.

If you are experiencing any distress, we recommend that you seek health advice
from a registered health professional you know and trust.



Medicare or Pensioner Cards

If your Medicare Card may have been impacted, you can ask for a new card. You
can do this by:

 * using your Medicare online account through myGov

 * the Express Plus Medicare mobile app

 * calling the Medicare program.

Your new card will replace your old card. You’ll have the same Medicare number
that you did before, only the last digit will change. Your old card will no
longer be valid.

If your pensioner concession card has been impacted, you can replace it by:

• requesting a new card via your myGov account linked to Centrelink

• calling Centrelink on 132 300 or your regular payment line

• visiting a Centrelink Service Centre.



Services Australia

We have alerted Services Australia to the incident and have provided them with
information relating to Services Australia customer credentials. This is so
Services Australia can apply increased identity security measures. Whilst you do
not need to take any further action, if you have any concerns, you can call or
email the Services Australia Scams and Identity Theft Helpdesk on 1800 941 126
Monday to Friday 8 am to 5 pm AEST or at reportascam@servicesaustralia.gov.au.
More information is available on the Services Australia Website at
https://www.servicesaustralia.gov.au/scams-and-identity-theft?context=60271



Tax File Number (TFN)

We have reported the incident to the Australian Taxation Office (ATO), in order
that they can add additional security measures to your Tax File Number. These
measures aim to detect fraudulent activity. There is nothing further you need to
do. However, if you have any concerns, you may wish to contact the ATO’s
specialist Client Identity Support Centre on 1800 467 033 Monday to Friday
8.00am–6.00pm AEST. More information is available on the ATO's website at

https://www.ato.gov.au/general/online-services/identity-security-and-scams/help-for-identity-theft/data-breach-guidance-for-individuals/




WHAT SUPPORT IS AVAILABLE FOR HIGH-RISK OR VULNERABLE PEOPLE?

CTARS have arranged free support from IDCARE, Australia’s national identity and
cybersecurity community support service.

Anyone affected by this incident, but particularly high risk and vulnerable
persons, can engage an IDCARE Case Manager via IDCARE’s Get Help Web Form at
https://www.idcare.org/contact/get-help.

Alternatively you may visit IDCARE’s Learning Centre for further information and
resources on protecting your personal information
https://www.idcare.org/learning-centre.

IDCARE’s services may be accessed by providing referral code CTR22 when
completing its Get Help Web Form or calling 1800 595 160.




















Back to Top
Contact Us
request a demo
Privacy Policy
Blogs

Phone: 1300 282 777 Email: enquiries@ctars.com.au