iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Property development and hotel organisation Meriton has announced that it was hit by a cyber attack.
The company announced on Wednesday (29 March) that the attack occurred back in mid-January, with threat actors potentially accessing as much as 35.6 gigabytes of data, affecting both past and present employees as well as 1,889 guests.
According to Meriton, no credit card details have been stolen, and the guest database remains uncompromised.
“Meriton’s hotel guest database for all past, present and future hotel guests was not compromised.
“Guest data was not stolen. The guest information that may have been affected relates to incident reports,” it said.
The company has said it has taken a number of steps in notifying relevant cyber bodies and beginning an investigation into the incident.
“Since [discovering the incident], Meriton has been working closely alongside leading cyber security and forensic IT professionals and taking all available steps to protect against future risk to data and prevent recurrence,” the company said on its website.
“This has included implementing enhanced cyber security measures to protect Meriton’s network as well as extensive network monitoring so that Meriton can quickly identify and respond to any future issues.
“Meriton takes information security and privacy very seriously and has allocated significant resources to manage its response.
“Meriton has notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner (OAIC) of the incident and will continue to liaise with relevant government agencies as required.”
Anyone affected by the breach has been personally notified by Meriton.
The Meriton breach is yet another example in recent weeks of the need for organisations to vet third-party organisations they work with and monitor the data and network access they have.
Both Rio Tinto and Crown were affected following a breach of third-party cloud provider GoAnywhere.
Vice-president for Asia-Pacific and Japan for BlueVoyant, Sumit Bansal, has said that supply chain attacks like these are an increasing risk in Australia.
“Visibility into supply chain cyber security risk remains an ongoing problem in Australia. This latest breach with Meriton is a reminder for companies to look at their vendors, suppliers, and other third parties,” said Bansal
“We have been hit with a series of supply breaches over the past few weeks with Latitude Financial and The Good Guys, and it’s a reminder that these companies are not the only ones to be negatively impacted by a breach related to a third party, and most likely will not be the last.
“To help prevent breaches, organisations should first make sure they know which third parties they use or have used in the past, and what data and network access they may have.
“Managing your own network is a challenge in and of itself, and adding on the complexity of additional third parties providing services brings yet another layer on top of that. This should be ongoing and continuous and not merely a yearly compliance check.”
Bansal said that organisations need to be careful about what data they share with third parties, while continuing to monitor vendors regularly. In addition, organisations should incorporate multi-layered security solutions to cover all bases.
“The best way for organisations to protect their data is with defence in depth. When different cyber security defences are layered, it makes it more difficult for cyber attackers to access sensitive systems and data,” he said.
“By continuously monitoring both internal networks and third parties, having access control, plus good cyber hygiene, like multi-factor authentication, companies can make it more difficult for attackers to gain access.”
Be the first to hear the latest developments in the cyber industry.
