What happened
In November 2023 the National Disability Insurance Agency disclosed an insider breach in which a staff member, financially motivated, accessed and leaked participants’ personal details — names, dates of birth, gender and addresses [ndia-co], [ndia-itnews]. The AFP charged the former staffer, who was later sentenced [ndia-itnews], [ndia-co]. This is distinct from the June 2023 HWL Ebsworth breach.
Current status
Resolved through prosecution. The exact number of participants affected was not published, so none is asserted here.
Why it matters
Disability-scheme records are highly sensitive, and an insider misusing legitimate access is a distinct threat from an external hack — controls have to guard against both.