Welcome to the blog of NSW strata investigative journalism
From: | SP52948 owner |
---|---|
To: | Frank Tallaridi Waratah Strata Management |
CC: | Robert Crosbie Waratah Strata Management |
Subject: | INTERIM UPDATE: Request to provide information about alleged data breach at Waratah Strata Management and loss of SP52948 strata files on 17Feb2020 |
Date: | 17/2/20, 9:54 pm |
Good evening,
It is noted that requests dated 14 July 2019 and 11 August 2019
to provide information in regards to alleged data loss and
ransomware attack were not answered. In capacity of legal member
of the Executive Committee representing owners corporation
SP52948, Waratah Strata management failed to respond.
Lot 158 has updates for you to consider and prepare immediate responses listed in the attachments:
a) Waratah Strata Management alleges that their computer systems
were attacked by ransomware on 1 February 2019. The attack lasted
undetected for several weeks.
It took Waratah Strata Management six weeks to report the data
losses to owners, and three and a half months to report it to Fair
Trading NSW.
Four different versions of events presented by Waratah Strata
Management do not match each other.
The brief ransomware report by Sententia also raises more
questions.
Apart from lost USB key in mid-2018 (Waratah Strata Management did
not keep copies of it) with all files for periods before 1
February 2017 that took Waratah Strata Management around 10 months
to report to owners in March 2019, the second loss of data in
alleged ransomware attack was/is also not properly disclosed to
owners.
Of special interest is the allegation that Bitcoin ransom was paid
by a third-party known to Waratah Strata Management to the threat
actor in the equivalent amount of $5,052.03. Waratah Strata
Management still refuses to disclose who paid the ransom, what the
Police case number was, and if ATO and other relevant
organisations were notified.
An alleged ransomware attack against Waratah Strata Management
occurred on 1 February 2019. Sententia report, dated 26 March 2019
stated (undisclosed by Waratah Strata Management to 218 owners):
b) Sententia report in March 2019 does not report any data losses
in Office 365 or Azure cloud, therefore no record of files being
destroyed by ransomware attack on Microsoft public systems that
Waratah Strata Management uses for SP52948.
c) Lot 158 obtained official statement by Rockend that they
provide the lookatmystrata.com.au domain as a service. However,
Rockend does not store, hold, access, or release any information
related to that domain. All such information is held, exclusively
managed, and complete responsibility of Waratah Strata Management.
d) Lot 158 obtained official statement by Microsoft that they had never been notified about data loss and/or ransomware attack in Office 365 that keeps emails for waratahstrata.com.au.
Mirosoft also stated that had anybody reported loss of emails in
Office 365, Microsoft would have had ability to restore them
within 90 days after the incident. That obviously did not happen
as Microsoft seemingly has no record of such actions.
Microsoft found no trace of any complaint, ticket, or report for data losses for waratahstrata.com.au in Office 365 during 2019 or 2020.
The only event related to waratahstrata.com.au was ticket in June 2019 (case number 14941752) - problem with sending emails.
Microsoft has not been involved in any investigation of alleged ransomware attack or data losses that Waratah Strata Management reported for emails in Office 365.
Lot 158 has more information about this event but that will not be shared at the present time.
Regards,On 14/7/19 8:16 pm, SP52948 owner wrote:
Hi,
Lot 158 has some information that might be of importance to help the
Police investigations in regards to alleged data loss and hacking attack against Waratah Strata Management.
After malicious or criminal attacks, human error accounted for 35% data breaches over the period 1 April 2018 to 31 March 2019 (source: Australian Government Notifiable Data Breaches).
The Privacy Act 1988 (Cth) (Privacy Act) and the Privacy Regulations 2013 (Privacy Regulations) requires strata managers to comply with 13 Australian Privacy Principles (APPs) (subject to other provisions of that Act) in how they handle personal information. The APPs regulate the manner in which personal information is handled throughout its life cycle, from collection to use and disclosure, storage, accessibility and disposal (where applicable).
It is noted that Waratah Strata Management had full access to all passwords at lookatmystrata.com.au, which was/is against all security policies and privacy guidelines.
Please provide the following information as a matter of priority:
a) On which date (exact time would be appreciated) did the attack happen and what services were affected (website access to waratahstrata.com.au, email, and so on)?
b) Apart from SP52948, did any other Waratah Strata Management client lose data or got affected by the hacking attack?
c) SP52948 strata files are located at lookatmystrata.com.au. Does Waratah Strata Management allege that SP52948 data breach happened not only at waratahstrata.com.au but at lookatmystrata.com.au as well (two websites affected)?
d) Waratah Strata Management uses email services and Office365 at Microsoft. Is it alleged that Microsoft was also attacked and somehow lost SP52948 files?
e) On which date did the full services for email and website access to waratahstrata.com.au and lookatmystrata.com.au get restored?
f) Who provided file restore services (presumably from backup tapes or on-line backups)?
g) On which date was the Police notified and what is the Event number?
h) On which date was mandatory data breach notification completed (Privacy Amendment (Notifiable Data Breaches) Bill 2016)?
i) On which date, if applicable, was SP52948 insurance notified about the loss of data, financial files, and private information (including bank account details)?
j) Waratah Strata Management appears to have stated strata files on USB key that was lost (misplaced) by the Police in mid-2018 was not backed up. Is that still a valid and truthful statement?
Regards,