Victoria court recordings exposed in reported ransomware attack

CSV is an independent statutory authority that provides services to Victoria's court systems, including case management systems and administrative solutions.

In a statement published on December 2 on its website, CSV says it detected a cyberattack on December 21, 2023, that allowed hackers to disrupt operations and access its audio-visual archive containing sensitive hearing recordings.

The impacted system was immediately isolated and disabled, but the ensuing investigation revealed that the breach occurred at an earlier date, December 8th, 2023, with the exposed recordings going as far back as November 1, 2023.

"The cyber incident led to unauthorised access leading to the disruption of the audio visual in-court technology network, impacting video recordings, audio recordings and transcription services," reads the CSV statement.

"Recordings of some hearings in courts between 1 November and 21 December 2023 may have been accessed. It is possible some hearings before 1 November are also affected."

Specifically, the following courts and jurisdictions have been impacted by the security incident:

• Supreme Court – hearings from the Court of Appeal, Criminal Division, and Practice Court between December 1 and 21, and two regional hearings in November 2023.
• County Court – hearings from all criminal and civil courts from November 1 to December 21, 2023.
• Magistrates' Court – some committals heard between November 1 and December 21, 2023.
• Children's Court – one hearing from October 2023.
• Coroners Court – all hearings that took place between November 1 and December 21, 2023.

The above recordings contain a mix of public and confidential information, so depending on the case, they may expose sensitive information regarding court cases.

Where possible, impacted courts will send out breach notices to those deemed impacted by the incident.

CSV has also notified the authorities about the potential data breach, including the Victoria Police, Victorian Department of Government Services, and Australia's National Identity and Cyber Support Community Service (IDCARE).

Though CSV is still in the process of restructuring the impacted system with more focus on security, court operations in Victoria will not be affected, and all cases scheduled for January 2024 are expected to proceed normally.

The authority's does not name the cybercriminals responsible for the attack, but sources speaking to ABC News report that the Qilin ransomware gang carried out the attack.

The Qilin ransomware operation was launched under the name "Agenda" in August 2022 but was later rebranded as Qilin.

Since its launch, the ransomware operation has had a steady stream of victims but has seen increased activity towards the end of 2023.

Source: BleepingComputer