ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

CTARS Data Breach

ctars.com.au
Limited exposure
Verified breach Sensitive Passwords exposed
Accounts exposed 12,314
Breach date 21 May 2021
Added to tracker 31 May 2022
Data classes 10

What happened

In May 2022, the client management system for the Australian government's NDIS (National Disability Insurance Scheme) suffered a data breach which was subsequently posted to an online hacking forum. The CTARS cloud platform is used by care providers to record information about NDIS participants and often contains sensitive medical information. Impacted data includes over 12k unique email addresses, physical addresses, names, dates of birth, phone numbers and data related to patient conditions and treatments.

Exposed data

Dates of birth Email addresses Genders Names Passwords Personal health data Phone numbers Physical addresses Salutations Usernames

Recommended actions

  • Change your CTARS password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing CTARS โ€” attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP