One of Western Australia's most prominent Native Title bodies covering the Pilbara and Geraldton regions has denied covering up a "malicious criminal attack" that resulted in a serious data breach in late 2022.
A media statement from Yamatji Marlpa Aboriginal Corporation CEO, Simon Hawkins, in December 2022 confirmed the email accounts of employees had been compromised.
"Further examination indicated the accounts of three employees had been compromised, arising from a targeted spear-phishing attack by overseas hackers," Mr Hawkins said.
Yamatji Marlpa Aboriginal Corporation (YMAC) said at the time a third-party forensic expert confirmed the cyber attack was confined to the email accounts of three of the organisation's 100-plus employees, who work in one of the organisation's offices in Perth, Geraldton, Hedland, Denham and Broome.
YMAC, whose representative area is equivalent to the size of approximately one-third of WA, later removed the media statement on December 8, 2022 from its website.
A YMAC spokesman said on Thursday the organisation had replaced the statement from its website a year after its release with a fact sheet on the "malicious criminal attack", as well as general cyber security advice.
"After the cyber attack, YMAC undertook a very thorough process of notifying affected parties and strengthening our internal security measures," the spokesman said.
Mr Hawkins said in YMAC's initial 2022 statement that employees whose accounts were hacked were contacted and told how they were affected and to protect their personal data.
"YMAC pledged support to assist those individuals who may need to replace any identity documents compromised by this cyberattack," the CEO said at the time.
The organisation, which represents Traditional Owner groups across the Pilbara, Midwest, Murchison and Gascoyne regions of WA, then engaged national cyber support service IDCARE to provide specialist advice to its affected employees.
"As part of that process, we reported the attack to the Office of the Australian Information Commissioner, who now consider the matter closed," a YMAC spokesman said on Thursday.
Since 2022's cyber attack, YMAC has boosted internal security measures and last July hosted 'Cyber Resilience Outreach Clinics' in Meekatharra, Yule River and Carnarvon.
Mr Hawkins said YMAC had not received any threats or ransom from third parties to misuse the personal information gleaned from the 2022 incident, which came after more than a million cyber attacks against the organisation earlier that year were blocked.
"YMAC's cybersecurity capabilities have enabled the organisation to block more than 1.58 million attacks between July and September 2022 alone," he said in December 2022.
YMAC's range of services include Native Title claim and future act representation, heritage services, executive office, community, economic development assistance and natural resource management support.