Avocado and berry producer Costa Group says there isn’t any proof of delicate worker tax and passport information leaked or uploaded to the darkish internet regardless of its methods being hacked.
The ASX-listed gardening enterprise is the most recent Australian firm to fall sufferer to a cyberattack, warning on Friday of a phishing assault on its servers that maintain information for the corporate’s berry operations.
The corporate mentioned there was a danger that the non-public information of employees at its Berry Farms had been compromised. Credit score:Shutterstock
Costa mentioned the corporate couldn’t reveal what the hackers accessed in August as a result of they encrypted their downloads, however there was a danger that staff’ private data, straight by the corporate from 2013 or by labor employed companies since 2019. was employed. Compromise has been made.
“This delicate data could embody the next: passport particulars, financial institution particulars, retirement particulars [and] Tax file quantity,” the corporate mentioned.
The enterprise is monitoring the darkish internet to attempt to discover out if any delicate data has been posted, however mentioned the publication of the information has not been recognized at this stage. It’s potential that a number of thousand worker data could have been affected, however it’s not clear which data have been accessed.
“Costa has additional taken steps to guard in opposition to any malicious assaults, together with limiting site visitors to servers, rising the extent of endpoint safety, and scheduling further worker coaching associated to phishing and social engineering practices,” the corporate mentioned. “
Company Australia has been rocked by information breaches over the previous two months. Telco Optus was hit hardest by the assault, with the information of round 10 million Australians stolen and the corporate confronted a Class action-style assertion led by Maurice Blackburn.
Final week, ASX-listed companies Telstra and NAB confirmed they have been additionally shocked when the names and e mail addresses of present and former staff have been posted on-line because of a breach of a third-party rewards platform.
The assault didn’t contain a direct assault on the businesses’ methods, however it did happen when a company rewards platform known as Pegasus was compromised.