Statement of Eligible Data Breach
s 26WK Privacy Act 1988 (Cth)

Aboriginal Legal Service of Western Australia Limited (ALSWA) has formed the view that there are reasonable grounds to believe that there has been unauthorised access of information about its current and recent clients and/or any other member of the public who is or has recently been involved in a case with an ALSWA client. ALSWA believes that such unauthorised access is an ‘eligible data breach’ for the purposes of Part IIIC of the Privacy Act 1988 (Cth) (Privacy Act).  This statement has been prepared in accordance with our obligations under the Privacy Act to notify, using this statement, the affected or at-risk individuals of the occurrence of an eligible data breach.

  1. Notification from:
    Aboriginal Legal Service Western Australia
    7 Aberdeen St, Perth 6000, Western Australia
  2. Description of the eligible data breach:
    Between 6 December 2022 and 12 December 2022, an Aboriginal Legal Service of Western Australia Limited (ALSWA) staff email account was accessed by an unknown person or persons.

Our investigation into this incident identified that the unknown person sent malicious emails and spent some time accessing information contained within the mailbox. The incident investigation has been unable to determine exactly what information was accessed in this manner.

  1. The kind, or kinds, of information concerned:
    If you are a current or recent client of ALSWA, or any other member of the public who is or has recently been involved in a case with an ALSWA client, the unknown person may have had access to the following types of information that may be of concern to you:
    • names;
    • basic contact details (addresses, email addresses, phone numbers);
    • identity information (e.g. drivers licence numbers);
    • information about an individual’s criminal record (if ALSWA was privy to that record); and/or
    • information relating to an individual’s past whereabouts or activities.

  1. Recommendations about the steps that you should take in response to the eligible data breach:
    If you think you may have been affected, we recommend being cautious with all unknown, unexpected and suspicious communications, including by:
    • verifying the identity of people contacting you before providing them with any personal or sensitive information;
    • avoiding providing individuals or entities with personal or sensitive information unless you are able to verify their identity; and
    • contacting ALSWA if you have any questions or concerns.

Please contact the police immediately if you think that you may be at risk of harm.

The occurrence of the eligible data breach is being reported to the Office of the Australian information Commissioner as required by the Privacy Act.

If you need to speak to us, please contact us on 08 92656666 and ask to speak with Matthew Wheatley, IT Manager or by emailing dataquery@als.org.au. Please note that ALSWA offices will be closed from 1 pm on Thursday 22 December 2022 until 8:30 am on Monday 9 January 2023.