Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

AGL falls victim to cyber breach, thousands affected

Australian energy provider AGL has been hit by a “cyber incident” on its My Account platform.

user icon Daniel Croft
Mon, 05 Dec 2022
AGL falls victim to cyber breach, thousands affected
expand image

Based on current reports, only 6,000 customers of AGL’s 4.2 million have been affected by the hack, after the company reported “elevated levels of suspicious activity”.

Based on current analysis, it appears malicious actors have used stolen credentials acquired externally (such as usernames and passwords used elsewhere by customers) to log into a number of customer accounts.

We have communicated to potentially affected customers regarding the suspicious activity and to alert them to unusual activity on their account.

============
============

As a precautionary measure, we have also placed a lock on these accounts while the incident is being investigated.”

AGL has said that it is currently notifying customers with an email connected to their account of the breach. However, as the breach did affect email addresses, AGL has said that it is currently sending out communications through the post.

Customers have been advised that once their accounts are unlocked, they will be required to reset their passwords and that they should activate two-factor authentication.

The federal government has also been notified.

AGL previously announced changes to the way it operated cyber security measures back in 2020 after the Australian energy market operator introduced the Cyber Security Industry Working Group to develop the Australian Energy Sector Cyber Security Framework.

The framework provides “all energy market participants, regardless of type or size, with a structured approach to describe and measure the maturity of their organisation’s cyber security capabilities”.

AGL chaired the Cyber Security Working Group and played a key role in developing the framework.

With the latest breach, the energy provider could face serious fines after the federal government passed new legislation, increasing the fine for “serious” or “repeated” breaches from $2.2 million to $50 million.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.