Picture of IPH logo

IPH IPH News Story

0.000.00%
au flag iconLast trade - 00:00
IndustrialsBalancedMid CapSuper Stock

Factbox: Australia Inc roiled by string of cyber attacks since late 2022

(Updates to add cyber incident at Eagers Automotive)
       Dec 28 (Reuters) - Australian firms have suffered many
cyber attacks since September 2022, putting the spotlight on the
country's understaffed cybersecurity industry that experts say
seems ill-equipped to tackle such hacks, endangering sensitive
information of people.
    Here is a list of companies that have been hit by data
breaches:
    
        SEPTEMBER 2022 
  
    
    OPTUS
    Australia's second-largest mobile operator and a unit of
Singapore Telecommunications  STEL.SI  was the first to report a
data breach in September last year that affected up to 10
million customers, about 40% of the nation's population. The
exposed data included home addresses, drivers' licences and
passport numbers.
    
    
        OCTOBER 2022
  
    
    WOOLWORTHS
    Australia's biggest grocer Woolworths Group Ltd  WOW.AX 
said in October last year its majority-owned online retailer
MyDeal identified that a "compromised user credential" was used
to access its systems, exposing email addresses, phone numbers
and delivery addresses of about 2.2 million customers.
    
    FORCENET
    Australia's Assistant Minister For Defence Matt
Thistlethwaite said in October last year that hackers targeted a
communications platform used by the country's military personnel
and defence staff with a ransomware attack but that no data was
compromised.
    
    DAILOG
    IT services consulting firm Dailog, another unit of
Singapore Telecommunications  STEL.SI , faced a cyber attack
that potentially affected 1,000 current and former employees and
fewer than 20 client, the company said in October last year.
    
    AUSTRALIAN CLINICAL LABS 
    Medlab, a unit of Australian Clinical Labs Ltd  ACL.AX , one
of the country's largest pathology providers, suffered a breach
in October last year that exposed data of about 223,000
patients.
    
    TELSTRA
    Australia's largest telecoms operator Telstra  TLS.AX  in
early October 2022 suffered what it called a small data breach,
which exposed data of about 30,000 current and former employees
dating back to 2017.
    On Dec. 11, Telstra said 132,000 customers were affected by
an internal error which led to the disclosure of certain
customer details.
    
    
    NOVEMBER 2022 
    
    MEDIBANK
    Health insurer Medibank Private  MPL.AX , which covers about
one-sixth of Australians, said in November last year that
personal and significant amounts of health claims data of around
9.7 million of its current and former customers were
compromised, forcing it to flag a hit to earnings and withdraw
forecast for a key metric.
    On June 20, Medibank confirmed that a file containing names
and contact details of staff members had been compromised after
its building manager faced a cybersecurity breach. 
    
    BWX
    Skin and hair care products maker BWX Limited said in
November last year a malicious code was "unlawfully" entered
onto one of its websites that may have compromised credit card
numbers and expiry dates of about 2,500 customers.
    
    
    DECEMBER 2022 
    
    TPG TELECOM
    Australia's No.2 internet service provider TPG Telecom
 TPG.AX  said in December last year it had been notified of
unauthorised access to a hosted exchange service that hosts
email accounts of up to 15,000 business customers.
    
    
    MARCH 2023 
    
    CBA
    Commonwealth Bank of Australia  CBA.AX  said in March its
Indonesian unit, PT Bank Commonwealth (PTBC), had been hit by a
cyber incident involving unauthorised access of a web-based
software application used for project management.
    
    IPH
    Australian intellectual property services provider IPH Ltd
 IPH.AX  said it had detected unauthorised access to a portion
of its IT environment, compromising information including
administrative documents and some client documents.
    
    LATITUDE
    Australian digital payments and lending firm Latitude Group
Holdings Ltd  LFS.AX  said in March a hacker had stolen personal
information held by two service providers, compromising about
103,000 identification documents and 225,000 customer records. 
    On April 11, 2023, the firm said it will not pay a ransom to
the hackers as it saw no assurance that the payment would result
in the return or destruction of the stolen data, and it did not
want to reward criminal behaviour.
    
    
    MAY 2023 
    
    TECHNOLOGYONE
    Australia's TechnologyOne Ltd  TNE.AX  said in May it had
detected an unauthorised third-party access to its back-office
systems, becoming the latest target in a series of cyber attacks
that has bogged companies in the country since last year.
    
    
    JUNE 2023 
    
    SMARTPAY 
    New Zealand-based Smartpay Holdings  SPY.NZ  disclosed a
ransomware attack confirming the theft of information from
customers in Australia and New Zealand, making it the latest
victim in a slew of cyberattacks in the region.
    
    
    SEPTEMBER 2023 
    
    SHELL
    Shell Plc  SHEL.L  said in September that it has identified
a cybersecurity incident involving some employees who worked
with its unit BG Group in Australia before the merger, becoming
the latest victim of the MOVEit hack.
        
  
    ENERGY ONE 
        Australian software supplier Energy One  EOL.AX  said in
September it has not uncovered any evidence of malicious
activity on its customer systems after the company identified a
cyber incident in August. The company's investigations found no
evidence of compromise of personal information of its current
and former employees, it said, adding that Energy One continues
to securely trade.
    
    
    DECEMBER 2023 
    
    EAGERS AUTOMOTIVE 
        Automotive retailer Eagers Automotive  APE.AX  said in
December a cyber incident was impacting some of its IT systems
at its operating locations across Australia and New Zealand. 
        The company was yet to determine the full extent of the
incident, but has notified the cyber security centres in both
countries, it said. 
  
        
  

 (Compiled by John Biju, Navya Mittal, Echha Jain and Manvi Pant
in Bengaluru; Editing by Rashmi Aich, Dhanya Ann Thoppil and
Sohini Goswami)
 ((Jaskiran.Singh@thomsonreuters.com))

Recent news on IPH

See all news