ECA experienced a third party provider security breach on 20 November 2018. We have done our best to contact anyone affected—anyone who had received an unexpected email invoice, titled Bill INV-12142 from Early Childhood Australia—asking them to please delete the email from their system.
Please note: DO NOT open the email or click any link. It is not from ECA and is potentially part of a much wider cyber-attack on services and organisations.
We have tracked down the source of the breach and established that it was contained to some of our email lists hosted externally. No sensitive personal or financial information has been compromised and this does not affect ECA customer account details. Although the breach was not in an ECA system we sincerely apologise for the inconvenience and concern it has caused.
Steps you can take
If you have received the email (once or multiple times) please delete it. You may also want to block the email address ‘firstname.lastname@example.org’ to avoid receiving it again. We will not use this email address to contact you from this point on.
If you received the email and clicked the link:
- please activate your usual IT responses e.g. run any anti-virus software, check with your IT support and complete any standard security checks for your organisation.
- You can also visit staysmartonline.gov.au, the government’s cybersecurity site for business, not for profit and enterprise and download information including their StaySmart Online Guide for Small Business.
Steps ECA is taking
- We are working with the third party provider to resolve the issue.
- We have reported the breach to the appropriate authority—the Australian Cyber Security Centre (https://www.acsc.gov.au/).
- We have contacted everyone who received the email, posted updates and alerts to members, on ECA’s Facebook and closed group pages and other ECEC Facebook groups that have been discussing the incident.
- We will continue to keep this webpage updated and let you know when we know more.
Once again we apologise for any inconvenience and appreciate your ongoing support.
For resources to strengthen your own IT systems, secure your devices and educate your teams, there are several government sites with excellent information and support that can help you and your organisation.
- Australian Competition and Security Commission www.scamwatch.gov.au
- Stay Smart Online www.staysmartonline.gov.au
- The StaySmart Online Small Business Guide can be found at https://ssogreen.govcms.gov.au/sites/g/files/net1886/f/Stay-Smart-Online-Small-Business-Guide_1.pdf
- Click here for information on how to ‘protect your stuff’ including mobile phones and tablets at https://www.staysmartonline.gov.au/protect-yourself/protect-your-stuff
- Click here for a guide to Protecting yourself online: what everyone needs to know in downloadable PDF format
- The Federal government’s Australian Cyber Security Centre is at https://www.acsc.gov.au/government.html.