NDIA staffer charged after data breach

The agency responsible for administering the national disability insurance scheme has apologised for a data breach involving the personal information of NDIS participants.

The NDIA says a staff member has been arrested for allegedly leaking information to two people who had been acting as NDIS providers.

The staff member has been charged with offences relating to the alleged unauthorised disclosure of protected agency information after the execution of search warrants on November 9.

NDIS minister Bill Shorten told a media conference the person is alleged to have provided about 11,000 records to providers.

Not all of the records involved NDIS participants, Mr Shorten said.

“We don’t think it’s been going on for a very long time, this is not a cyber breach,” he said.

The NDIS Quality and Safeguards Commission has banned the other two people and two associated provider companies from providing NDIS services.

One person has also been arrested and charged in relation to the matter.

We sincerely apologise for any distress caused. We are actively working with participants and their nominees to protect their plans.


The NDIA says information disclosed involved details in its internal system including names, dates of birth and addresses.

Further details were disclosed in a “small number of cases”, the agency says. Government News has sought information about how many NDIS participants were affected by the breach.

The NDIA says the breach, which was uncovered during an ongoing investigation by the Fraud Fusion Taskforce,  is being taken extremely seriously  and has been reported to the OAIC under the notifiable data breaches scheme.

“The NDIA understands this may cause distress to participants, as well as their families, carers and supporters,” it said in a statement on Tuesday.

“We sincerely apologise for any distress caused. We are actively working with participants and their nominees to protect their plans.

“We are also actively monitoring plans and account transactions for any unusual or suspicious activity. “ 

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at editorial@governmentnews.com.au.  

Sign up to the Government News newsletter

One thought on “NDIA staffer charged after data breach

  1. Their contact consists of a notification letter by snail mail and an insincere apology in that. I’m so sick of my right to privacy being exploited online. But sure, why would you call people to disclose their privacy has been breached when you can send a generic letter instead. Let’s breach the privacy of the most vulnerable people in our community and just send them a letter in the post to say sorry. Great work NDIA

Leave a comment:

Your email address will not be published. All fields are required