Cybersecurity Incident - Frequently Asked Questions

These frequently asked questions (FAQs) have been developed in support of the cybersecurity incident impacting Victoria's courts and tribunals which was identified on 21 December 2023.

We will continually update this page with more information when it is available.

View our latest statement for more information: Thursday 18 January 2024

FAQs

This FAQ was added on Tuesday 20 February 2024:

With the addition of the above FAQ, the following two FAQs were removed as they contained outdated information:

  • When will the audio-visual system in courts be restored?
  • When can we expect the return of hybrid hearings and transcription services?

The following FAQs were added on Thursday 18 January 2024:

The following FAQs were added on Tuesday, 16 January 2024:

The following FAQs were added on Tuesday, 2 January 2024:

Have the services lost because of the cyber incident been restored?

  • Video conferencing was re-established in most courts on 16 January 2024, enabling the return of hybrid hearings from Monday 22 January 2024. 
  • Transcription services are operational; however, some delays are expected in the production of transcripts until systems are fully re-established.
  • Updated equipment to support in-court recording is now being rolled out. Recordings for Melbourne CBD courts will go live in late February/early March. Regional court room recording will be restored progressively from mid-March to April.
  • In-court witness recordings services via videoconferencing are also being rolled out across the state in late February.

What happens if the cyber criminals publish stolen audio-visual materials on the dark web?

If material is published, CSV will work together with relevant agencies to assist impacted people and provide support specific to their situation.

We are deeply mindful of the distress any unauthorised publication may cause and we are committed to supporting those who are impacted through that process.

What are CSV and the courts doing to strengthen the affected IT network to help prevent this from happening again?

The affected audio-visual network is being rebuilt with current technology and increased security to ensure it is as robust as it can be.

We are taking numerous steps to strengthen this system, including:

  • improving monitoring of network traffic
  • increasing the level of authentication and access control mechanisms in place
  • enhancing authorisation controls and further restricting access privileges
  • increasing the scope, frequency and type of security audits we undertake
  • updating or replacing some system software and applications to leverage contemporary solutions with enhanced security
  • review of data retention requirements to ensure timely deletion of data
  • engaging external cyber security specialists to provide independent advice and guidance.

Why is CSV announcing the new date range today when it was discovered on 5 January?

It has taken time to safely and securely analyse the devices that were disabled on the affected audio-visual network and to set up additional support systems for impacted people.

 

Is a hacking like this a common occurrence?

According to the Australian Signals Directorate (ASD) 2022-2023 Cyber Threat Report, cyber crime reports rose by 23 per cent to 94,000 in 2022-23. This means a cyber-crime is reported to the ASD every six minutes.

What is CSV and its role in the court system?

Court Services Victoria (CSV) is an independent statutory body corporate that provides administrative services and facilities to Victoria's courts, VCAT, the Judicial College of Victoria and the Judicial Commission of Victoria. 

CSV employs the people that assist to administer the courts, VCAT, the Judicial College and the Judicial Commission, and those who work to support judicial officers and VCAT members. 

CSV was formed to strengthen the independence of Victoria's courts and tribunals, and to put court administration into the hands of an entity directed by the judiciary. 

CSV is governed by the Courts Council which comprises the Heads of Jurisdiction and independent members appointed by the Council. 

Led by the Honourable Chief Justice Anne Ferguson, the Council is responsible for directing the strategy, governance and risk management of CSV. It is the principal administrative policy making body for CSV with respect to the administrative support provided to the Jurisdictions.

The Supreme, County, Magistrates', Children's and Coroners courts, and VCAT, the College and the Commission are all separate and distinct entities, with their own governing councils, internal arrangements and rule-making responsibilities.  

What is the difference between a matter and a hearing?

A matter is a prosecution or a proceeding in a court. A court case can be referred to as a matter. A hearing is an event (at a particular time and place) where the court hears from parties. Therefore, a matter may involve several hearings. There are many different types of hearings from short discussions of procedural steps to long trials where witnesses give evidence. 

 

What is the cyber incident that's happened?

Court Services Victoria (CSV) became aware on Thursday 21 December of a cyber incident that impacted in-court audio and video (AV) systems.

During the incident, there was unauthorised access to CSV's audio visual in-court technology network.

Recordings of some hearings in courts and tribunals between 1 November and 21 December 2023 may have been accessed. It is possible some hearings before 1 November are also affected.

The potential access is confined to video and audio recordings stored on the network. Other court records are not impacted.

Have you contained the cyber incident?

Yes. CSV took immediate action to isolate and disable the affected network and to put in place arrangements to ensure continued operations across the courts.

The audio-visual network is separate to other CSV systems.

No other court systems or records were accessed or impacted.

What does this mean for people who attended court hearings during this period?

Court user audio only or audio and video recordings of what was said in a hearing may have been accessed.

Court and tribunal hearings are mostly public, and not confidential.

CSV has been working with justice system agencies, such as Victoria Police, Victoria Legal Aid and the Office of Public Prosecutions on areas where there may be particularly sensitive material.

Will I be contacted and how will I be contacted?

Where possible, courts are notifying parties whose hearing may have been affected.

Who can I contact about my concerns?

For those seeking further information or assistance, support is available during business hours from Tuesday 2 January 2024 by emailing CSVData@courts.vic.gov.au

 

This includes support from IDCARE, Australia's national identity and cyber support community service.

Will my upcoming court case be affected by this incident?

All courts have put in place plans so that they can continue to safely and securely hear matters.

Some changes to hearing arrangements are in place while the affected network remains disabled. Information about any changes can be obtained from the relevant court.

If you have a question about an upcoming court case and how this might be affected, please contact the relevant registry.

What has been done to secure CSV's IT systems?

CSV took immediate action to isolate and disable the affected network and arrangements were put in place to ensure continued secure operations across the courts.

What are you doing to make sure this doesn't happen again?

The work on the restoration of systems includes works to strengthen security across the broader court and tribunal-wide technology environment.

Who is responsible for the breach?

We don't provide information or details on cyber threat actors.

How can I make a complaint about how this incident was handled?

Please email privacy@courts.vic.gov.au if you wish to raise any concerns.

Have financial records and employee data been accessed or otherwise impacted?

No. No other court systems or records, including employee or financial data, were accessed.

Have those responsible for the hack made any demands of Court Services Victoria? Have any threats been made to release the recordings?

For security reasons, we will not comment on the specific details of our response to this cyber incident. 

Are police investigating and what assistance are the courts receiving from government security agencies?

CSV has notified the relevant authorities, including Victoria Police whose cybercrime squad is investigating. 

We are working closely with the cyber security experts in the Victorian Department of Government Services. 

We have also secured support from IDCARE, Australia's national identity and cyber support community service. 

Why was a statement released on 2 January when the courts first became aware of the incident on 21 December?

CSV took immediate action to disable the network and notify the relevant authorities. 

It was not immediately apparent which recordings and transcripts were affected. It has taken time to establish this.

How were the courts alerted to the cyber security incident?

Computers used to control audiovisual court hearings were disrupted. 

Some compromised recordings may involve people whose identities are protected by court orders or legislation. What is being done?

CSV has been working with justice system agencies to identify sensitive matters. Courts are notifying parties whose hearings may have been affected and those parties can discuss any specific concerns at that time. CSV has also partnered with IDCARE, Australia's national identity and cyber support community service, to work with people to address their concerns.  

CSV is not currently aware of any recordings being released but will notify the relevant authorities should this occur. Maintaining security for court users is our highest priority and we recognise and apologise for the distress this incident may cause.

Can you clarify when the incident occurred?

While we became aware on 21 December, the incident occurred on 8 December. It was a breach of a single system that manages only audio-visual recordings for all courts and was contained to only that system. It is a single courts-wide solution managed centrally.

The system holds recordings for around 28 days, so the primary investigation period is 1 November to 21 December, which is when we identified the problem, and isolated and disabled the affected network.

Not all courts held hearings that were recorded on the impacted audio-visual network during the affected time frame.

 

This page was last updated: Wednesday 13 March 2024 - 4:52pm