In late May 2022, Marist180 was advised by one of its technology vendors “CTARS” (a cloud-based client management system) that an unauthorised third party had gained access to CTARS’ systems, and that a sample of CTARS systems data had been posted on a ‘deep web’ forum. 

The ‘deep web’ is a section of the internet hidden from search engines and not easily accessible by the general public. 

Marist180 uses CTARS for storing the information of some of the people we support, relevant to the services we provide them. 

CTARS has reported the incident to the Office of the Australian Information Commissioner (OAIC) and the Australian Cyber Security Centre (ACSC), and they have also engaged external cyber-security and forensic specialists to contain the event, implement additional security measures and investigate the incident. 

What Marist180 is doing in response

Consistent with our mission and values, we take the privacy and security of all personal information very seriously. 

When we became aware of the CTARS incident, Marist180 immediately assembled a dedicated internal team to respond to the incident and conduct a detailed analysis of the information we store on CTARS. This analysis, which is ongoing, will enable us to notify any of the people we support, contacts of the people we support, or staff members whose information may have been affected by this incident and provide them with tailored advice on how to further protect their information. 

We have been advised that this detailed analysis may take some time, however we are fully committed to keeping all stakeholders updated on our progress and will directly notify affected individuals once we have identified whose information has been affected, and the extent to which it has been affected. 

Further general updates may be posted on this website as more facts become available.

Who to contact for more information

IDCARE

If you are concerned about the potential misuse of your personal information, we have arranged free support from IDCARE, Australia’s national identity and cybersecurity community support service.  

Please engage an IDCARE Case Manager via IDCARE’s Get Help Web Form at https://www.idcare.org/contact/get-help or call 1800 595 160. IDCARE’s services may be accessed by providing referral code CTR22 when completing its Get Help Web Form.

Alternatively, you may visit IDCARE’s Learning Centre for further information and resources on protecting your personal information https://www.idcare.org/learning-centre.  

CTARS

Further information about the CTARS data breach can also be found on the CTARS website at CTARS Data Breach — CTARS.

Media Enquiries  

Media enquiries should be directed to info@m180.org.au

Marist180

If you are a client supported by one of the Marist180 services or are a contact of the people we support (family member, guardian, professional service provider, etc), you can find out more about the CTARS cyber incident and the types of information of yours that may have been stored on CTARS, by contacting Marist180 via: 

  • Phone: 02 9672 9200 (9:00am – 5:00pm AEST Monday to Friday) 
  • Email: info@m180.org.au

We are committed to keeping the people and communities we serve fully informed as we work to resolve this issue as swiftly as possible, and sincerely apologise for the inconvenience and concern this incident may cause the people we support, their families and our staff.