NDIA data breach claimed to impact 11,000 "records"

The National Disability Insurance Agency (NDIA) staffer charged in connection with a data breach is alleged to have shared around 11,000 “records” with at least one service provider associated with the scheme.

Government services minister Bill Shorten quantified the size of the data breach during a doorstop interview in Canberra.

“It appears … the charge is that this person is alleged to have provided about 11,000 records, not all participants, to providers,” Shorten said.

Shorten would not confirm the actual number of participants who had their data leaked, or clarify the participants-to-records ratio.

He would only say that the number of participants caught up is “a smaller number than the 11,000 [records].”

An NDIA spokesperson declined to clarify the number when approached by iTnews.

Shorten suggested the alleged unauthorised sharing of data had not been occurring for a long time.

He noted it was “not a cyber breach” of the agency, but instead a case of insider threat.

“We don't think it's been going on for a very long time,” he said.

“I don't want to comment too much more about the individual investigation, but certainly it is the case that someone who was working within the public service at the NDIA has provided information of a personal nature, and we've acted."

Earlier, iTnews reported that “some” of the information disclosed on participants included “full name, date of birth, gender, address, including postcode,” but that “in a small number of cases … further details [were] disclosed.”

The staffer, and a person associated with one service provider, have been arrested and charged.

The agency said it “believes this incident is financially motivated".

It said that all impacted individuals would be directly contacted by the NDIA.