Share this article on:
EnergyAustralia is the latest Aussie company to be hit by cyber attack as private details of hundreds of customers were exposed.
The electricity company revealed 323 residential and small business customers were affected by unauthorised access to their online platform, My Account, in a statement released late on Friday.
Details including customer names, addresses, email addresses, electricity and gas bills, phone numbers and the first six and last three digits of their credit cards are all included with those accounts. However, EnergyAustralia asserts there was “no evidence” customer details were transferred outside the company’s platform.
The electricity company stressed that sensitive documents such as driver’s licences or passports were not stored on the platform.
“There is no evidence that customer information was transferred outside EnergyAustralia’s systems, and importantly, identification documentation, such as driver’s licences or passports, and banking information, are not stored on My Account."
“This information remains secure. No other EnergyAustralia systems were affected,” Energy Australia explained.
The breach occurred on 30 September and affected users were contacted on 2 October, with EnergyAustralia briefing the regulatory authorities and government agencies soon after.
Now customers are required to implement 12-character passwords, which will have to include a mix of capital and lowercase letters, numbers and special characters.
Previously, only eight characters were required for account passwords.
EnergyAustralia chief customer officer Mark Brownfield, apologised for the breach in the statement, urging customers to change their passwords.
“We apologise for the concern that this issue may have caused our customers,” Brownfield said.
EnergyAustralia has become the latest Australian company to be targeted by a cyber attack, and while the electricity company has acknowledged this incident was limited in terms of customers affected, it has reaffirmed that it takes the security of customer information seriously and “have been working hard” to put in place additional layers of security to ensure the protection of all customer information.
“This now includes the implementation of 12-character passwords.
“We recognise the transition to more secure passwords won’t be easy for all our customers, however, this incident and other recent cyber incidents have highlighted this is where we need to go with password complexity,” EnergyAustralia stated.
Recently, Optus and Medibank were hit by major cyber attacks.
Cyber criminals claim to have stolen 200 gigabytes of customer data from Medibank, which potentially includes personal details such as medical procedures and diagnoses, addresses, Medicare numbers and credit card information.
The private health insurer has been working with the Australian Signals Directorate and the Australian federal police following the company’s “unreserved” apology for the data breach.
[Related: The sneaky ways online privacy and security are being compromised]