Riverina Medical and Dental Aboriginal Corporation (‘RivMed’) data breach
On 14 January 2025, the Department of Communities and Justice (DCJ) was notified of a suspected data breach affecting Riverina Medical and Dental Aboriginal Corporation (‘RivMed’) where a threat actor accessed a RivMed employee’s system and downloaded a number of documents in October 2024.
The incident was identified by Cyber Security NSW, which located documents relating to RivMed on the dark web.
RivMed first advised the community of this incident on 26 February 2025. RivMed has also notified medical and dental clients who were affected by this breach.
DCJ and RivMed acted immediately to contain and investigate the incident, including:
- taking steps taken to ensure the data is not made publicly available.
- continued monitoring of the web and dark web.
- reporting the incident to the NSW Police Force for investigation.
Since the incident occurred, DCJ has been continuously monitoring for any indication that personal information has been published or shared, and we can confirm there is no evidence of this.
RivMed and DCJ’s investigations are now complete. Affected individuals have been contacted so they can take the appropriate precautions and, if needed, access various support services.
What is the recommended action(s) for affected individuals?
Affected individuals can visit DCJ’s Public Notification Register for more information about this data breach.
The public notification also includes DCJ’s fact sheet, for information on how you can:
- confirm if your information was affected.
- take steps to protect your information.
- if needed, access various support services.
- if you are affected, make a complaint or seek a review.
What else should affected individuals be aware of?
If you have been affected by this data breach you need to be aware that scammers may try to capitalise on this incident, for example, by claiming to be from NSW Government agencies.
You should stay alert for fraudulent e-mails, letters, phone calls, and text messages.
We’ve briefly outlined some general precautions that you can take to protect your personal information below.
- Use long, complex passwords, especially for online services such as banking, email, and social media.
- You should change and strengthen your passwords if you currently use the same password for multiple accounts and services.
- Implement multi-factor authentication on digital services where available. For example, where you receive an additional code sent to your phone by SMS before you can log into your account.
- Don’t open messages or click links if you don’t know the sender or if you’re not expecting the message (phishing emails).
If you believe that your personal information has been misused (for example, as part of a scam, identity theft, or fraud), report this to ReportCyber at https://www.cyber.gov.au/report-and-recover/report
Get support
ID Support NSW is a free government support service for all people in NSW to help individuals restore and protect their identity documents and personal information.
To receive personalised guidance from one of our team, call 1800 001 040. You can quickly and easily safeguard your information in around ten minutes, typically without any hold time.
Advisors are available between 9am and 5pm, Monday to Friday. Interpreter services are available.