Federal police officers have been caught up in a major cyber attack that’s exposed a number of government departments.
The Australian Federal Police Association (AFPA) confirmed some members had their data breached in the hack on law firm HWL Ebsworth earlier this year.
The association did not reveal what data had been stolen but reports suggest it includes officer names and email addresses.
Bookstore chain Dymocks also confirmed it had been the subject of a major data breach, in a notice to customers released late on Friday.
More than 1.24 million Dymocks customers have had their names, address, phone, email, birth date and other information leaked and made available on the dark web.
Dymocks blamed the leak on an "external data partner" and said highly sensitive financial information such credit card details and passwords were not compromised.
"We are very sorry this has happened and continue to work hard with our forensic experts and cyber security advisors to establish how this occurred," the company said.
HWL Ebsworth’s systems were breached in April and the firm did not give in to demands for a ransom payment, a move commended by Home Affairs Minister Clare O’Neil.
The AFPA said it was supporting members who have had their data breached and encouraged all affected people to contact them for support.
“Affected members have approached the AFPA and we are aware of the issue and hold concerns about the impact this data breach may have on them,” AFPA president Alex Caruana said.
“We believe our members' information has been placed on the dark web and we trust the AFP to investigate this matter and look after the affected members.”
Mr Caruana said the association supported the federal government’s recent appointment of a national cyber security coordinator.
Government departments that have had their data accessed in the breach include the Fair Work Ombudsman and the National Disability Insurance Scheme.
Anyone impacted can seek support from Australia's national identity and cyber support community service, known as IDCARE.
Meanwhile, the Medicare and Centrelink numbers of thousands of Services Australia clients could have been disclosed in a Russian hack.
TPG's Australian pathology business TissuPath said no test information or billing details had been exposed in the data breach on August 24.
But patient request forms dating from 2011 to 2020 had been released by Russian hackers ALPHV.
Services Australia has started a data matching program using information provided by TissuPath about customers affected by the breach.
The federal agency said initial analysis provided by TissuPath indicated "there may be approximately 140,000 to 240,000 impacted credentials", but it was not known how many people were affected.
The agency will compare data provided by TissuPath - including card number, expiry date, customer name, dates of birth and addresses - to Medicare and Centrelink customer records.
"This will assist the agency to identify affected customers and apply proactive security measures to affected customer records," the agency said in a government gazette notice.