Another Australian organization, this time the electricity company EnergyAustralia, has been the victim of a severe cyber attack.
EnergyAustralia is the country's third-largest retailer of energy.
Threat actors had access to information on 323 residential and small business customers, according to the company, but there was 'no evidence of data exfiltration.
The compromised data were stored on the company's online platform, My Account, and included customer names, addresses, email addresses, electricity and gas bills, phone numbers, and the first six and last three digits of their credit cards, according to a statement released on Friday.
Passwords, banking information, driver's licenses, and passports, according to EnergyAustralia, were not compromised because they were not stored on the platform.
“There is no evidence that customer information was transferred outside of EnergyAustralia’s systems, and importantly, identification documentation, such as driver’s licenses or passports, and banking information, are not stored on My Account,” the energy company said of the hack that occurred on September 30.” reads the statement published by the company. “It added that impacted customers had been contacted by text and email on October 2 with a prompt to reset their passwords.”
The breach occurred on September 30th, and the company believes the attack was carried out with the help of a bot.
On October 2, the company notified the affected users and reported the incident to regulatory authorities and law enforcement. Customers' passwords were reset, and they were forced to use 12-character strong passwords.
Brownfield said, “We apologize for the concern that this issue may have caused our customers. While this incident was limited in terms of customers affected, we take the security of customer information seriously and have been working hard to put in place additional layers of security to ensure the protection of all customer information.”
“This now includes the implementation of 12-character passwords. We recognize the transition to more secure passwords won’t be easy for all our customers, however, this incident and other recent cyber incidents have highlighted this is where we need to go with password complexity.”