Anyone who has ever applied for a job or been employed at Melbourne's fire service could be caught in the Fire Rescue Victoria hack.
It was previously believed cyber criminals didn't access firefighter recruit applications, but on Tuesday authorities revealed they might have also stolen private information.
This means anyone who has applied for any role at Fire Rescue Victoria or its predecessor Metropolitan Fire and Emergency Services Board, or worked as a contractor with either organisation, could be affected.
Criminals stole a trove of identifying information about former and current employees.
The organisation says it is a complex task to analyse what has been posted to the dark web.
Data that might have been stolen or accessed about all employees and applicants includes names, addresses, contact details and sensitive information such as criminal history or political views.
It could also include identification such as driver's licences and passport details.
Bank account details, superannuation funds, tax file numbers and health information relating to current or former employees could also be at risk.
Stolen information was posted to the dark web in mid-January and anyone who purchases the data faces up to 10 years in prison.
The service insists community safety has not been compromised and it can still dispatch crews and trucks through phones, pagers or radios.
Phone and email systems were affected following the attack but have since been fixed.
