OAIC Notice
On Thursday, 8 February 2024 the AACA received notice from the Office of the Australian Information Commissioner (OAIC) outlining the closure of its file concerning the Third-Party Data Beach incident discovered on 3 December 2023.
This concludes the matter and affirms AACA’s response to the incident as compliant with OIAC guidance, the Notifiable Data Breaches Scheme, and the Privacy Act 1988 (Cth).
Background
On Sunday, 3 December 2023, the Architects Accreditation Council of Australia (AACA) became aware of a cyber incident affecting our third-party IT provider.
To safeguard our members, our people and others, AACA immediately initiated an independent investigation into how our members and others may have been impacted by this incident.
We issued two statements following the incident on:
- 6 December 2023 – Notifying stakeholders of the incident, detailing our engagement of external cyber security experts, and noting our work with relevant government agencies and regulators in responding to the incident; and
- 22 January 2024 – Outlining our intent to reach out directly to affected individuals and responding to stakeholder inquiries.
Key lines of AACA’s inquiry into this incident included how and when this breach began, what types of data may have been accessed and stolen, and what steps AACA’s third-party provider undertook to safeguard the AACA and our broader professional community.
The AACA has worked closely with external cyber security experts and relevant Australian Government agencies and regulators. We thank them for their support since first notifying them of the incident.
Summary
As we move forward, the AACA stands committed to learning from this incident and doing better in the future to support our members and safeguard their interests.
If you have any questions or concerns, please do not hesitate to contact AACA by email at our dedicated mailbox: [email protected].