Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label G4S. Show all posts

Australian Security Firm G4S Hacked, Staff on Alert


Ransomware Attack, G4S Breached

Present and earlier employees of security organization G4S have been alarmed to be cautious, due to a ransomware attack where personal information was stolen and posted online. The leaked info includes tax file numbers, medical checks, and bank account information. 

The attack comes after the massive Optus data leak incident in Australia, joining two more data breaches. It seeks government plans to reform cybersecurity and follow higher penalties under the Privacy Act.

G4S offers services to Australian prisons

G4S offers services to prisons throughout Australia, earlier it offered services to offshore detention centers on Manus Island, belonging to the federal government. 

It informed its former and current customers earlier this week that it suffered a cyber incident, allowing unauthorized access to a third party, and giving malware programs access to G4S systems. 

According to Guardian Australia, it believes the incident to be a ransomware attack targeting Port Philip prison. The media reported on this incident in early July. 

"Guardian Australia was also alerted on Tuesday to another Optus-style data breach involving an employment agency. The breach was the result of a similar open application programming interface (API) to that believed to have been breached in the Optus attack. Personal documents such as photos of passport pages and Covid-19 vaccination certificates were accessible via the vulnerability."

What can the victims do?

During mid-September, G4S came to know that some data was leaked online. However, it only informed the affected customers about the degree of the attack and the compromised documents in an e-mail earlier this week. 

The stolen data includes employee names, dates of birth, address, medical and police records, contact info, bank account details, tax file numbers, license details, and Medicare numbers. 

In some incidents, health info is given to the company, payslips, and Workcover claims information and incident reports have also been leaked.

Though the incident happened at Port Philip prison, the cyber criminal got access to the company's entire network throughout Australia. 

Casualties not confirmed

The number of staff impacted by the breach is yet to be known, G4S didn't give answers to questions about the victims, on the other hand, saying the company is working with affected individuals to provide them full assistance. 

G4S advised the victims to change their identity documents but didn't provide compensation for replacements or give credit monitoring. 

The Guardian reports:

"Separately, photos of identity documents – including driver licenses – of hundreds of thousands of the company’s clients were publicly available via Google image search results because users had uploaded their licences as their profile photo. The company has since acted to prevent users from uploading sensitive documents to profiles."