Queensland Fire and Emergency Services (QFES) says an investigation is in progress over a potential data breach involving a former employee. 

This incident involves information from the Rural Fire Service, potentially compromised by a former contractor.

A QFES spokesperson revealed that the contractor, whose engagement with QFES had recently concluded, is accused of unlawfully removing information related to the service. 

This data includes personal details such as names, phone numbers, and email addresses of some volunteers.

“Allegedly removed QFES information” pertains to the contractor's activities, the spokesperson detailed. 

In response to the incident's discovery, QFES took immediate action, informing all employees and volunteers about the breach. Those directly affected received additional communication.

QFES has reportedly conducted a thorough forensic analysis of the data accessible to and allegedly extracted by the contractor. 

The devices issued to the contractor by QFES have been secured, and, according to the spokesperson, “there is no evidence to indicate an ongoing concern”. 

Regarding the information's sensitivity, the spokesperson clarified that the contractor had access only to basic information pertinent to their project. 

The data did not include “other sensitive personal information such as payroll, banking, medical, passport, certificate of birth, drivers' licence or next of kin information”. 

Further steps have been taken by QFES, including enlisting external experts to scrutinise the data involved in the breach. 

The Queensland police have been “promptly” involved in the ongoing investigation. Additionally, the Office of the Information Commissioner Queensland has been notified of the incident.

Due to the active nature of the investigation, QFES has limited what details can be disclosed.