By Reuters | Updated: 29 September 2023
Sept 29 (Reuters) – Australian firms have suffered many cyber attacks since September 2022, putting the spotlight on the country’s understaffed cybersecurity industry that experts say seems ill-equipped to tackle such hacks, endangering sensitive information of people.
Here is a list of companies that have been hit by data breaches:
OPTUS
Australia’s second-largest mobile operator and a unit of Singapore Telecommunications (STEL.SI) was the first to report a data breach in September that affected up to 10 million customers, about 40% of the nation’s population. The exposed data included home addresses, drivers’ licences and passport numbers.
Sept 29 (Reuters) – Australian firms have suffered many cyber attacks since September 2022, putting the spotlight on the country’s understaffed cybersecurity industry that experts say seems ill-equipped to tackle such hacks, endangering sensitive information of people.
Here is a list of companies that have been hit by data breaches:
OPTUS
Australia’s second-largest mobile operator and a unit of Singapore Telecommunications (STEL.SI) was the first to report a data breach in September that affected up to 10 million customers, about 40% of the nation’s population. The exposed data included home addresses, drivers’ licences and passport numbers.
WOOLWORTHS
Australia’s biggest grocer Woolworths Group Ltd (WOW.AX) said in October its majority-owned online retailer MyDeal identified that a “compromised user credential” was used to access its systems, exposing email addresses, phone numbers and delivery addresses of about 2.2 million customers.
FORCENET
Australia’s Assistant Minister For Defence Matt Thistlethwaite said on Oct. 31 that hackers targeted a communications platform used by the country’s military personnel and defence staff with a ransomware attack but that no data was compromised.
DAILOG
IT services consulting firm Dailog, another unit of Singapore Telecommunications (STEL.SI), faced a cyber attack that potentially affected 1,000 current and former employees and fewer than 20 client, the company said on Oct. 10.
AUSTRALIAN CLINICAL LABS
Medlab, a unit of Australian Clinical Labs Ltd (ACL.AX), one of the country’s largest pathology providers, suffered a breach in the same month that exposed data of about 223,000 patients.
MEDIBANK
Health insurer Medibank Private (MPL.AX), which covers about one-sixth of Australians, said in November that personal and significant amounts of health claims data of around 9.7 million of its current and former customers were compromised, forcing it to flag a hit to earnings and withdraw forecast for a key metric.
On June 20, Medibank confirmed that a file containing names and contact details of staff members had been compromised after its building manager faced a cybersecurity breach.
TELSTRA
Australia’s largest telecoms operator Telstra (TLS.AX) in early October suffered what it called a small data breach, which exposed data of about 30,000 current and former employees dating back to 2017.
On Dec. 11, Telstra said 132,000 customers were affected by an internal error which led to the disclosure of certain customer details.
BWX
Skin and hair care products maker BWX Limited said in November a malicious code was “unlawfully” entered onto one of its websites that may have compromised credit card numbers and expiry dates of about 2,500 customers.
TPG TELECOM
Australia’s No.2 internet service provider TPG Telecom (TPG.AX) said in December it had been notified of unauthorised access to a hosted exchange service that hosts email accounts of up to 15,000 business customers.
CBA
Commonwealth Bank of Australia (CBA.AX) said on March 8 its Indonesian unit, PT Bank Commonwealth (PTBC), had been hit by a cyber incident involving unauthorised access of a web-based software application used for project management.
IPH
Days later, Australian intellectual property services provider IPH Ltd (IPH.AX) said it had detected unauthorised access to a portion of its IT environment, compromising information including administrative documents and some client documents.
LATITUDE
Australian digital payments and lending firm Latitude Group Holdings Ltd (LFS.AX) said on March 16 a hacker had stolen personal information held by two service providers, compromising about 103,000 identification documents and 225,000 customer records.
On April 11, the firm said it will not pay a ransom to the hackers as it saw no assurance that the payment would result in the return or destruction of the stolen data, and it did not want to reward criminal behaviour.
TECHNOLOGYONE
Australia’s TechnologyOne Ltd (TNE.AX) said on May 10 it had detected an unauthorised third-party access to its back-office systems, becoming the latest target in a series of cyber attacks that has bogged companies in the country since last year.
SMARTPAY
New Zealand-based Smartpay Holdings (SPY.NZ) disclosed a ransomware attack confirming the theft of information from customers in Australia and New Zealand, making it the latest victim in a slew of cyberattacks in the region.
SHELL
Shell Plc (SHEL.L) said on Sept 15 that it has identified a cybersecurity incident involving some employees who worked with its unit BG Group in Australia before the merger, becoming the latest victim of the MOVEit hack.
ENERGY ONE
Australian software supplier Energy One (EOL.AX) said on Sept. 29 it has not uncovered any evidence of malicious activity on its customer systems after the company identified a cyber incident in August. The company’s investigations found no evidence of compromise of personal information of its current and former employees, it said, adding that Energy One continues to securely trade.
© Thomson Reuters 2023
