Update On Cyber Matter

4 September, 2024By

What has happened?

On 6 May 2024 we provided an update in relation to a cyber incident ZircoDATA experienced earlier this year.

Since suffering the cyber incident, there have been no further indicators of compromise. With the assistance of our internal and external cybersecurity experts, we continue to consider that the incident has been contained.

What information has been accessed?

As noted in the update, our investigation identified evidence that a subset of data was accessed and stolen from one corporate file server.

Since becoming aware of the data theft, we have been reviewing the impacted dataset to understand exactly what it contains. Given the size of data contained in the impacted fileserver, this detailed review process has taken some time.

Based on the investigation undertaken, we understand that a number of documents containing personal information have been impacted by the incident. This includes driver’s licenses, passports and other identification documents, records containing health and Medicare information, birth certificates, marriage certificates, visa documentation, international identification documents, tax and other financial records, police checks, records containing Centrelink and employment information.

What can I do?

Given the nature of the information accessed, there may be risks relating to scam communications via unsolicited emails, phone calls or text messages. Scammers can seem quite believable and impersonate government, police and businesses, including making their telephone numbers and email addresses look legitimate. For further information, visit https://www.scamwatch.gov.au/.

For those impacted or concerned, there are several steps that individuals can take in line with best practice to reduce the risk of serious harm, depending on the type of information accessed. This includes:

  • taking a high degree of care if you receive a communication purporting to be from ZircoDATA if you have not engaged with us directly before;
  • visiting the OAIC website for guidance on protecting your identity (https://www.oaic.gov.au/privacy/your-privacy-rights/tips-to-protect-your-privacy/);
  • reviewing statements from financial institutions and immediately contacting them if any suspicious transactions are identified;
  • obtaining a free credit monitoring report (for example, from https://www.equifax.com.au/personal/);
  • enabling multi-factor authentication where possible for online accounts, including social media;
  • remaining alert to any suspicious emails and SMS or telephone communications that are disguised to look like they come from someone you know or trust;
  • verifying communications by confirming the identity of the sender. This includes checking email names and domains, by hovering your mouse over the sender’s email address;
  • avoiding opening links that look suspicious. If you are unsure about a link sent to you by a company, you should go to the company’s website and look for the product or service that was offered; and
  • considering changing your email account passwords. Make sure you use strong passphrases that you do not use for other accounts.

To get further information about online safety, cyber security and helpful tips at www.cyber.gov.au.

Who can I contact?

If you have any questions in relation to the incident or wish to discuss anything further, we have set up a dedicated email for you to send these queries to: services@zircodata.com.au. We will endeavor to respond to any queries as soon as possible.