Security firm G4S is the latest company to be hit by hackers in Australia after the massive Optus hack.
Current and former Australian employees of the company have been told that their tax file numbers, bank account details and medical checks were stolen and posted online in a ransomware attack.
The breach is believed to relate to a hacker attack on Port Phillip Prison in Victoria in early July.
However, the company only learned that the data had been posted online in mid-September and did not inform staff of any compromised data until Tuesday.
Although the attack took place at Port Phillip Prison, the hackers were able to gain access to the company’s entire network in Australia.
It is not known how many employees were affected by the break-in.
Current and former Australian G4S employees have been told their tax file numbers, bank account details and medical checks were stolen and posted online in a ransomware attack
The breach is believed to relate to a hacker attack on Port Phillip Prison in Victoria in early July
Information obtained includes employee names, addresses, dates of birth, contact information, police and medical checks, tax file numbers, bank account information, retirement information, Medicare numbers, and licensing information.
In some cases, payslips, health information shared with the company, and details about Workcover claims or incident reports were also stolen.
The company said the data was not easily accessible and told employees it had taken action to prevent the third party from continuing to access G4S systems and was collaborating with the Australian Cyber Security Center (ACSC).
G4S has been approached for comment by Daily Mail Australia.
It told before the guard it continued to “work with affected individuals to provide them with full support.”
G4S advised those affected on how to replace their identity documents, but did not offer to pay for the replacements or provide credit monitoring.
Meanwhile, an employment agency has also been hit by another data breach similar to the Optus hack.
Personal documents such as photos of passport pages and Covid-19 vaccination certificates were viewed during the hack.
Photos of identity documents — including driver’s licenses — of hundreds of thousands of the company’s customers were also made public through Google’s image search results because users uploaded their licenses as their profile picture.
Millions of angry Optus customers received this concerning text message on Sunday evening
Optus has confirmed the identification details of 2.1 million current and former customers have been exposed in the recent cyberattack (pictured an Optus store in Sydney last week)
The name of the agency has not been released.
It comes after the massive Optus data hack, with the embattled telco giant releasing more details on the impact of the breach on Monday.
Optus confirmed that the identification details of 2.1 million current and former customers have been exposed in the hack.
About 1.2 million customers have compromised at least one number of current and valid ID and personal information, including 150,000 from passports and 50,000 from Medicare cards.
Optus CEO Kelly Bayer Rosmarin stated in a new video message that those 1.2 million customers need to take action and they have already been contacted.
The other 900,000 who had compromised expired IDs may need to take action in addition to personal information, pending updates from licensing authorities.
About 7.7 million customers have not had their personal data stolen and do not need to take any action, but are urged to remain vigilant.
The names and email addresses of Telstra employees were posted on the same forum where the Optus breach data was posted last week
It was also announced on Tuesday that Telstra had suffered a major data breach in which hackers gained access to the personal information of 30,000 current and former employees.
The names and email addresses of the employees were posted on the same forum where the Optus breach data was posted last week.
The data disclosed includes first names, last names and business email addresses of 30,000 Telstra employees who worked for the company prior to 2017.
It also contained the information of 12,800 employees still employed by the telco.
Telstra’s group director for transformation, communication and people Alex Badenoch wrote a note to staff on Saturday.
She said the breach was related to a third-party program that previously provided Telstra’s Worklife NAB rewards program for staff.
What Optus said about the breach:
How did this happen?
Optus fell victim to a cyber attack. We took immediate action to block the attack that targeted Optus customer data only. Optus’ systems and services, including mobile and home internet, are unaffected and messages and voice calls are unaffected. Optus services will continue to be safe to use and operate as usual.
Has the attack stopped?
Yes. Upon discovering this, Optus immediately stopped the attack.
We are now working with the Australian Cyber Security Center to mitigate any risks to customers. We have also notified the Australian Federal Police, the Office of the Australian Information Commissioner and key regulators.
Why did we go to the media first instead of our customers?
The security of our customers and their data is our top priority. We did this because it was the fastest and most effective way to alert as many current and former customers as possible so they could be vigilant and monitor suspicious activity. We are now in the process of contacting customers directly affected.
What information about me may have been made public?
The information that may have been released includes customer names, dates of birth, telephone numbers, email addresses and, for a subset of customers, addresses, ID document numbers such as driver’s license or passport numbers. Affected customers will be notified directly of the specific information that has been compromised.
Optus services, including mobile and home internet, are not affected. Messages, voice calls, billing and payment information, and account passwords have not been compromised.
What should I do to protect myself if I suspect I have been the victim of fraudulent activity?
We’re not currently aware of any customers who have suffered damage, but we encourage you to raise awareness of your account, including:
Watch out for suspicious or unexpected activity on your online accounts, including your bank accounts. Immediately report any fraudulent activity to the related provider.
Watch out for contact from scammers who may have your personal information. This could be suspicious emails, texts, phone calls or social media posts.
Never click on links that look suspicious and never give out your passwords or personal or financial information.
How do I contact Optus if I think my account has been hacked?
If you believe your account has been compromised, you can contact us via the My Optus app – which remains the safest way to contact Optus, or call us on 133 937 for consumer customers. Due to the impact of the cyber attack, waiting times may be longer than usual.
If you are a business customer, please contact us at 133 343 or your account manager.
How do I know if I have been affected?
We are in the process of contacting customers directly affected.