Energy Australia cyber attack: company hacked after Medibank, Optus

EnergyAustralia is the latest company to be the victim of a cyberattack, affecting hundreds of people.

The electric company said the breach involved unauthorized access to the online platform My Account, which exposed the data of 323 private and small business customers.

Accounts contain the customer’s name, address, email, electricity and gas bills, phone number, and the first six and last three digits of credit cards.

Users are now required to enter passwords of 12 characters, including a combination of upper and lower case letters, numbers and special characters.

Previously, one eight characters were required for passwords.

EnergyAustralia said there was no evidence of customer information being transferred outside of the company’s systems.

Identification documentation, such as driver’s licenses and bank details, are not stored in My Account.

The incident took place on September 30 and affected users were contacted on October 2.

Regulatory and government agencies have also been informed.

Mark Brownfield, EnergyAustralia’s Chief Customer Officer, apologized for the concerns raised by customers.

“While this incident was limited in terms of affected customers, we take customer information security seriously and have worked hard to implement additional layers of security to ensure the protection of all customer information,” he said.

“This now includes the implementation of 12 character passwords.

“We recognize that the transition to more secure passwords will not be an easy one for all of our customers, but this incident and other recent cyber incidents have shown that this is where we need to go with password complexity.”

It comes after Medibank and Optus were both victims of major breaches.

Medibank said it was approached by a criminal who claimed to have stolen 200 GB of data.

The data includes first and last names, addresses, dates of birth, Medicare numbers, policy numbers, phone numbers and some claim information.

The criminal claims to have stolen other information, including credit card data, which has not yet been verified.

This cyber incident is now the subject of an investigation by the Australian Federal Police.

Optus has appointed the Deloitte company to conduct an independent third-party assessment of its recent cyberattack, as well as its security systems, controls and processes.

Leave a Comment