Avocado and berry grower Costa Group says there is no evidence of employees’ sensitive tax and passport data being leaked or uploaded to the dark web, despite its systems being hacked.
The ASX-listed horticulture business is the latest Australian company to fall victim to a cyberattack, warning on Friday of a phishing attack on its server that stores data for the company’s berry operations.
The company said there was a risk that the personal data of workers at its berry farms had been compromised. credit:Shutterstock
Costa said the company could not say exactly what the hackers accessed in August because they encrypted their downloads, but there was a risk that the personal information of workers hired directly by the company since 2013 or by staffing firms since 2019. may have been compromised.
“This sensitive information may include the following: passport details, bank details, pension details [and] tax numbers,” the company said.
Businesses have been monitoring the dark web to try to find out if such sensitive information has been published, but said that at this stage of the data release, no data has been discovered. Several thousand employee records may have been affected, but it is unclear which records were accessed.
“Costa has taken steps to protect against any further malicious attacks, including limiting server traffic, increasing endpoint protection and planning additional training for employees related to phishing and social engineering,” the company said.
Over the past two months, corporate Australia has been rocked by data breaches. The attack on telecoms company Optus had the biggest impact, with the data of almost 10 million Australians stolen and the company facing a class-action-style lawsuit led by Maurice Blackburn.
Last week, ASX-listed Telstra and NAB confirmed they too had been hit when a hack of a third-party rewards platform exposed the names and email addresses of current and former employees online.
This attack did not involve a direct attack on the companies’ systems, but occurred when an enterprise rewards platform called Pegasus was compromised.
https://www.watoday.com.au/business/companies/fruit-grower-warns-bank-tax-data-compromised-in-cyberattack-20221009-p5boa5.html?ref=rss&utm_medium=rss&utm_source=rss_feed
