Teachers Health issued a notification to approximately 1,600 members throughout late April and early May regarding unauthorised activity targeting our email system.
In February this year, we identified unauthorised activity where third parties gained access to two staff email inboxes, using scamming techniques commonly known as “phishing”.
Our IT team identified and blocked the unauthorised activity to protect information held on our systems. We engaged digital forensic and cyber security experts to investigate the incident and the data involved.
We also notified relevant government authorities, the Office of the Australian Information Commissioner (OAIC) and the Australian Prudential Regulation Authority (APRA), the Australian Cyber Security Centre (ACSC) and Services Australia.
The forensic investigation and security review was extensive, and has now been completed. The investigation found that correspondence relating to a small number of Teachers Health memberships is among the data potentially accessed by unauthorised third parties. We have contacted members who we know may have been directly affected by this incident and will continue to work with them to address their concerns.
We take our privacy obligations very seriously and are investing significant resources into investigating the source of the incident.
While all affected members have been notified, we encourage anyone who has questions to contact Teachers Health and we can address any concerns they may have.