Kate Palmer apologises for 'unauthorised access' following Sport Australia email hack

Sport Australia Chief Executive Kate Palmer has today issued an "unreserved" apology following an apparent hacking of an email account belonging to the Australian Sports Commission and the Australian Institute of Sport.

The agencies are currently investigating a potential breach of one of their email accounts last week and will contact almost 19,000 people who may have been affected.

In a statement today, Palmer advised "I would like to provide an update on the Australian Sports Commission (ASC) investigation into an incident of unauthorised access to one of the ASC’s email accounts.

"With close support from the Australian Cyber Security Centre and Microsoft we have been undertaking a thorough review into this incident.

"At this stage of the investigation we have determined it is not possible to conclusively establish if any personal information contained in the email account was extracted by an unauthorised person.

"As a precaution we are making it a priority to notify and support individuals who may have been impacted.

"We have established that the email account contained references to approximately 18,900 individuals. The vast majority of these individuals are referenced by either their name and/or birthdate, or other basic contact information.

"There are a small number of people that we consider to have had more sensitive personal information contained within the account. We are contacting each of these people directly to inform them and provide additional support. For privacy reasons we will not be making further comment on these individuals.

"On behalf of the ASC, I unreservedly apologise for this incident."

Palmer, who will leaving her role early next year, went on to state "we take our responsibility for protecting private and trusted information very seriously and have invested heavily in keeping our IT security systems strong and secure. The investigation found no evidence any other ASC email accounts or systems have been compromised.

"We have set up a dedicated webpage that provides further information, contact details for support services, and advice on how people can keep their online identity protected.

"To protect the ongoing security of personal information referenced in the email account, we have engaged with IDCARE (a national identity and cyber support service), to provide daily online monitoring to detect for any inappropriate use of personal information."

The incident has also been reported to the Office of the Australian Information Commissioner, as required, and referred to the Australian Federal Police.

Click here for more information.