Important information for Current & Previous CSBS Participants

CTARS Data Breach

What happened
In May of last year, the external client management system that we previously used to hold your information, experienced a cyber-attack, and they have informed us that your information may have been breached.

CTARS Pty Ltd. (CTARS) is a cloud-based system, that holds client [Participant] information for NDIS, and other service providers. While we stopped using CTARS’ services in 2020, your information was held by CTARS on their system in an archived state, and even though you may no longer be supported by us, your information may have been accessed.

This means that some of your personal information may be compromised, and while CTARS has reported this breach to us, they have advised us that they are unable to determine whose files, and what specific information has been breached.

Furthermore, CTARS advised that some of the information downloaded from their system has been published to a ‘deep web forum’. The ‘deep web’ is a section of the internet hidden from search engines and not easily accessible by the general public.

CTARS’ response
In recognition of the seriousness of the cyber-attack, CTARS has issued a statement and have asked us to contact you and direct you to their website [ ] for more information, including the avenues of support available to you, and the steps you can take to minimise the impact of the breach.

Because the incident was a compromise of the CTARS system, CTARS are leading the forensic investigation, and they will continue to provide us with detailed updates.

CTARS has reported the data breach to the Australian privacy regulator, the Office of the Australian Information Commissioner (OAIC) and to the Australian Cyber Security Centre (ACSC).

Next steps for you

We understand that this incident may raise concerns for you. There are steps you can take to reduce the potential impact on your personal information if you think you may have been affected.

Contact CTARS for more information

If you would like further information about the data breach, a response team is on hand to answer your questions. The response team can be contacted by emailing

Contact IDCare 

CTARS have arranged free support from IDCARE, Australia’s national identity and cybersecurity community support service.
Anyone affected by this incident, but particularly high risk and vulnerable persons, can engage an IDCARE Case Manager via IDCARE’s Get Help Web Form at

IDCARE’s services may be accessed by providing referral code CTR22 when completing its Get Help Web Form or calling 1800 595 160. CARE for individual case management and assistance.

CSBS is aware of the importance of the personal and sensitive information that you have entrusted to us, and we are extremely disappointed and concerned that this incident has occurred.
If you want to speak to us, please reach out via 1300 18 11 88 or email


Let’s talk about how we can be part of your story.

1300 18 11 88

Providing supports across South East Qld