Vic gov supplier bank details altered in cyber attacks

By

On four occasions.

Victorian government departments have had the bank details of suppliers that are held in a central database altered by hackers four times in the space of a year-and-a-half.

Vic gov supplier bank details altered in cyber attacks

The Victorian Auditor-General’s Office (VAGO) said [pdf] it received four notifications of bank details being changed in departments’ vendor master files due to a cyber attack.

A vendor master file is a central database that holds information about an agency’s supplier details, including their bank account details, Australian Business Number (ABN) and invoice records, according to the office.

VAGO declined to provide further comment about the cyber attacks when contacted by iTnews, citing confidentiality.

However, it used the report to urge Victorian departments to adopt data and analytics to detect “fraud and corruption risks”.

Two departments that were audited, the Department of Jobs, Skills, Industry and Regions (DJSIR) and the Department of Transport and Planning (DTP) currently use data analytics to “proactively identify fraud and corruption risks” prior to awarding supplier contracts.

DTP, for example, uses "specialised software to identify and reduce fraud and corruption risks", which the audit said checks suppliers' details to make sure they are up to date and legitimate and their bank details against employees' bank details.

This approach should be adopted more widely, the report said, recommending that departments “set up regular data analytics reviews to assess their procurement activities for fraud and corruption risks”.

“At a minimum, this involves collating and centralising data so they can export and review it,” VAGO added.

Three departments said they aimed to set up a data analytics program to test their fraud and corruption vulnerabilities but have yet to do so “due to competing priorities and a lack of resources”.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Services Australia's sweeping security uplift plans for myGov

Services Australia's sweeping security uplift plans for myGov

Medibank allegedly missed EDR alerts before data breach

Medibank allegedly missed EDR alerts before data breach

Northern Beaches Council reviews security stack to shore up widening perimeter

Northern Beaches Council reviews security stack to shore up widening perimeter

CrowdStrike rejects Delta Air Lines claims over outage

CrowdStrike rejects Delta Air Lines claims over outage

Log In

  |  Forgot your password?