Clive Palmer’s Trumpet of Patriots and United Australia parties hit with data breach | Australia news

The political parties run by Australian mining magnate Clive Palmer have been hit with a ransomware attack, with banking records, employment history and other personal information potentially compromised.

The Trumpet of Patriots, which ran but did not secure any seats at May’s federal election, announced to supporters on Thursday that a breach occurred on 23 June and related to information from the party as well as its predecessor, the United Australia party.

The news was first reported by Crikey, which reported an email was sent to supporters. The information was also posted to the Trumpet of Patriots party website.

The party said there was unauthorised access to its servers on 23 June, resulting in access to and the possible copying of data records, potentially including all emails to and from the parties and documents and records created by the parties.

Trumpet of Patriots said this could include email addresses, phone numbers, identity records, banking records, employment history, and other documents, but said the party was unsure of the amount of information.

“We do not know comprehensively what information of yours was on the server but you should assume that any information you have provided would have been stored on the server.

“We do not keep a record of all individuals who were on the server.”

Trumpet of Patriots said it was “impracticable to notify individuals”.

The systems have been secured and restored from backups, the party said, adding it had reported the breach to the Office of the Australian Information Commissioner (OAIC) and the Australian Signals Directorate (ASD).

Party supporters have been advised to review what information they provided to the party, and consider what action may need to be taken. They have also been advised to keep alert for potential scams arising from the breach.

Under the mandatory data breach notification scheme, organisations have 30 days to assess whether a breach is serious enough to require reporting to the OAIC and to those affected. OAIC guidelines state if it is not possible to contact everyone affected, an organisation must put the notification on their website, and promote the notification through email or social media or other channels.

The OAIC has been contacted for comment.

Palmer’s party failed to pick up any seats in the federal election, despite spending what the billionaire estimated was up to $60m in advertising to promote the party across the country, and sending millions of unsolicited text messages to Australians through the election campaign.

In the 2023-2024 financial year, the ASD responded to 121 ransomware incidents, making up 11% of all incidents dealt with by the agency.

The OAIC reported that in the same time frame, of the 413 cybersecurity incidents that resulted in a data breach, 26% involved ransomware.