(Updates to add NZ's Smartpay)
June 16 (Reuters) - Australian firms have suffered many
cyber attacks since last September, putting the spotlight on the
country's understaffed cybersecurity industry that experts say
seems ill-equipped to tackle such hacks, endangering sensitive
information of people.
Here is a list of companies that have been hit by data
breaches:
OPTUS
Australia's second-largest mobile operator and a unit of
Singapore Telecommunications STEL.SI was the first to report a
data breach in September that affected up to 10 million
customers, about 40% of the nation's population. The exposed
data included home addresses, drivers' licences and passport
numbers.
WOOLWORTHS
Australia's biggest grocer Woolworths Group Ltd WOW.AX
said in October its majority-owned online retailer MyDeal
identified that a "compromised user credential" was used to
access its systems, exposing email addresses, phone numbers and
delivery addresses of about 2.2 million customers.
FORCENET
Australia's Assistant Minister For Defence Matt
Thistlethwaite said on Oct. 31 that hackers targeted a
communications platform used by the country's military personnel
and defence staff with a ransomware attack but that no data was
compromised.
DAILOG
IT services consulting firm Dailog, another unit of
Singapore Telecommunications STEL.SI , faced a cyber attack
that potentially affected 1,000 current and former employees and
fewer than 20 client, the company said on Oct. 10.
AUSTRALIAN CLINICAL LABS
Medlab, a unit of Australian Clinical Labs Ltd ACL.AX , one
of the country's largest pathology providers, suffered a breach
in the same month that exposed data of about 223,000 patients.
MEDIBANK
Health insurer Medibank Private MPL.AX , which covers about
one-sixth of Australians, said in November that personal and
significant amounts of health claims data of around 9.7 million
of its current and former customers was compromised, forcing it
to flag a hit to earnings and withdraw forecast for a key
metric.
TELSTRA
Australia's largest telecoms operator Telstra TLS.AX in
early October suffered what it called a small data breach, which
exposed data of about 30,000 current and former employees dating
back to 2017.
On Dec. 11, Telstra said 132,000 customers were affected by
an internal error which led to the disclosure of certain
customer details.
BWX
Skin and hair care products maker BWX Limited said in
November a malicious code was "unlawfully" entered onto one of
its websites that may have compromised credit card numbers and
expiry dates of about 2,500 customers.
TPG TELECOM
Australia's No.2 internet service provider TPG Telecom
TPG.AX said in December it had been notified of unauthorised
access to a hosted exchange service that hosts email accounts of
up to 15,000 business customers.
CBA
Commonwealth Bank of Australia CBA.AX said on March 8 its
Indonesian unit, PT Bank Commonwealth (PTBC), had been hit by a
cyber incident involving unauthorised access of a web-based
software application used for project management.
IPH
Days later, Australian intellectual property services
provider IPH Ltd IPH.AX said it had detected unauthorised
access to a portion of its IT environment, compromising
information including administrative documents and some client
documents.
LATITUDE
Australian digital payments and lending firm Latitude Group
Holdings Ltd LFS.AX said on March 16 a hacker had stolen
personal information held by two service providers, compromising
about 103,000 identification documents and 225,000 customer
records.
On April 11, the firm said it will not pay a ransom to the
hackers as it saw no assurance that the payment would result in
the return or destruction of the stolen data, and it did not
want to reward criminal behaviour.
TECHNOLOGYONE
Australia's TechnologyOne Ltd TNE.AX said on May 10 it had
detected an unauthorised third-party access to its back-office
systems, becoming the latest target in a series of cyber attacks
that has bogged companies in the country since last year.
SMARTPAY
New Zealand-based Smartpay Holdings SPY.NZ disclosed a
ransomware attack confirming the theft of information from
customers in Australia and New Zealand, making it the latest
victim in a slew of cyberattacks in the region.
(Compiled by Jaskiran Singh, Rishav Chatterjee, Roushni Nair,
Harshita Swaminathan and Navya Mittal in Bengaluru; Editing by
Sherry Jacob-Phillips, Rashmi Aich and Sohini Goswami)
((Jaskiran.Singh@thomsonreuters.com))