Cyber Incident Victim: PNORS Technology Group
Date:
Nov 2022
Location:
Australia
Summary
A cyberattack on PNORS Technology Group compromised sensitive personal data, potentially including health records from Victorian primary school students collected through mandatory entrance questionnaires. The breached information encompassed developmental, behavioral, and family-related details, alongside demographics. Separately, Kilvington Grammar School confirmed unauthorized access to its systems, exposing current and former students' personal data such as birthdates, addresses, Medicare numbers, and health information. The attackers privately provided a sample of purportedly stolen data to the company, while initial assessments suggested the intrusion targeted encrypted systems. Victorian government agencies, including the Department of Education, collaborated with the firm to investigate the breach's scope, with the state's Cyber Incident Response Service engaged.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The PNORS Technology Group cyber incident, detected around November 2022, involved unauthorized access to systems handling sensitive government and educational data. PNORS, a contractor for six Victorian government departments including Education and Training, confirmed that attackers exfiltrated information including Victorian primary school students' health questionnaires. These mandatory forms contained developmental histories, behavioral assessments, family medical conditions, and substance use disclosures. On November 5, PNORS CEO Paul Gallo disclosed that hackers privately shared a sample of purportedly stolen data with the company, contradicting initial assessments that the breach was confined to encrypted systems. The Victorian government acknowledged the incident through the Department of Premier and Cabinet, activating its Cyber Incident Response Service while collaborating with PNORS to determine the breach's full scope. Education Department officials deferred inquiries about specific compromised health records to the central government, which provided no definitive confirmation of exposed medical data despite media sources asserting its inclusion in the theft.
Concurrently, Kilvington Grammar School in Ormond independently reported a related data breach affecting current students, alumni, and waitlisted applicants. The school identified unauthorized system access through suspicious network activity, leading to forensic investigation that confirmed theft of personal identifiers including full names, birthdates, contact details, Medicare numbers, and unspecified health information. School administrators notified affected families without disclosing whether PNORS' infrastructure facilitated the intrusion. No ransom demands accompanied the breach, distinguishing it from typical ransomware operations. Both incidents remained under active investigation by corporate cybersecurity teams and government responders, with neither PNORS nor Victorian authorities confirming the total number of impacted individuals or confirming whether stolen data appeared on public platforms following the attackers' private disclosure to PNORS.