© Provided by The GuardianPhotograph: Andriy Popov/Alamy
New South Wales Labor has warned its members their data could be posted online as early as Saturday after the organisation was targeted by a ransomware attack and the hacker group's deadline passed.
On 5 May, NSW Labor's systems were taken offline after the party fell victim to a ransomware attack by a hacker group known as Avaddon.
The ransomware attack works by sending phishing emails with attachments that look like images but contain malware that steals and encrypts sensitive data. The hacker group then threatens to not only block the organisation accessing it, but to publish the sensitive data. The group also threatens the organisation with distributed denial of service attacks that would keep their systems offline.
The information on NSW Labor members obtained by the group allegedly includes contracts, licences, passports and employee information.
Related: Train firm's 'worker bonus' email is actually cybersecurity test
The hacker group gave NSW Labor 10 days to pay, and the party informed members last night as the deadline drew close that their data may end up online.
"We have been working hard to investigate the incident and to protect our systems and prevent the personal data of members from being compromised. This incident has been our absolute priority," the party told members in an email on Friday evening.
"Despite our concerted efforts, there is a possibility that data held by NSW Labor has been compromised and may be leaked on Saturday morning. If this leak takes place, we will issue another member broadcast immediately."
The NSW police cyber crime squad and IT forensic experts have been brought in to investigate. A NSW police spokesperson told Guardian Australia: "This threat has been taken extremely seriously and NSW Labor has been working very closely with the NSW police cyber crime squad, IT forensic experts and specialist legal services."
A police spokesperson said detectives were still making inquiries.
The party advised members that if data was leaked online they should change their banking passwords and email passwords, and may potentially need to update their passports, tax file numbers and other sensitive information.
NSW Labor declined to comment further.
The Australian Cyber Security Centre last week issued a high alert about the Avaddon ransomware group, stating multiple organisations across a wide variety of sectors had been targeted by the group in recent weeks.
The law enforcement, government, pharmaceutical, academia, marketing, IT, construction and energy sectors had all been targeted in countries including Australia, Canada, the US, the UK, India and China.