Avocado and berry grower Costa Group says there isn’t any proof delicate worker tax and passport knowledge has been leaked or uploaded to the darkish net regardless of its programs being hacked.
The ASX-listed horticulture enterprise is the most recent Australian firm to fall sufferer to a cyberattack, warning on Friday of a phishing assault on its server which holds knowledge for the corporate’s berry operations.
Costa stated the corporate couldn’t inform precisely what the hackers accessed in August, as they encrypted their downloads, however there was a danger that the non-public info of staff, employed immediately by the corporate since 2013 or by labour rent corporations since 2019, could have been compromised.
“This delicate info could embody the next: passport particulars, financial institution particulars, superannuation particulars [and] tax file numbers,” the corporate stated.
The enterprise has been monitoring the darkish net to attempt to work out whether or not any of that delicate info has been posted, however stated at this stage no publication of the info has been recognized. It’s potential a number of thousand worker data had been affected, nevertheless it’s not clear what data had been accessed.
“Costa has taken steps to guard in opposition to any additional malicious assault, together with limiting site visitors to servers, growing the extent of finish level safety and scheduling extra worker coaching referring to phishing and social engineering practices,” the corporate stated.
Company Australia has been rocked by knowledge breaches over the previous two months. The assault on telco Optus had the largest influence, with knowledge from near 10 million Australians stolen and the corporate set to face a category action-style declare led by Maurice Blackburn.
Final week, ASX-listed companies Telstra and NAB confirmed they had been additionally stung when a breach of a third-party rewards platform resulted within the names and e-mail addresses of present and former workers being posted on-line.
This assault didn’t contain a direct assault on the businesses’ programs, however occurred when a company rewards platform referred to as Pegasus was compromised.