Singtel’s Australian IT firm Dialog caught in data breach just weeks after Optus hack

Optus’ parent company Singtel has been caught up in its second breach in recent weeks, this time exposing the details of Dialog’s 20 clients and more than 1000 staff.

Joseph Lam

@editorialjoe

2 min read

October 10, 2022 - 9:49PM

The Australian Business Network

ASX expected to 'take a knock' and open down 0.9 per cent

Business

Don't miss out on the headlines from Business. Followed categories will be added to My News.

The parent company of Optus has been caught up in its second Australian cyber breach in recent weeks, this time compromising the data of more than 1000 employees and customers.

IT consulting firm Dialog, which was bought by a Singtel subsidiary in April, was the victim of a breach which saw the personal information of 1000 of its staff both former and current as well as 20 clients published on the dark web.

Dialog boats clients from the big four banks to government organisations. Online it lists National Australia Bank, Suncorp, Rio Tinto, the NSW Electoral Commission, SAP Department of Human Services, Virgin Australia, Flight Centre, ESS Super, Alfred Health, the NSW Anti-Corruption Organisation, the Queensland Government Department of Communities, the Victorian Government GIS and the University of Tasmania in its portfolio.

“The Dialog Group today confirmed that the company has experienced a cybersecurity incident in which an unauthorised third party may have accessed company data, potentially affecting fewer than 20 clients and 1,000 current Dialog employees as well as former employees,” Singtel said in a statement.

“On Friday 7 October 2022 we became aware that a very small sample of Dialog’s data, including some employee personal information, was published on the Dark Web.”

The company took to issuing a statement on Monday revealing it had learned of the breach on Friday, the same day Maurice Blackburn Lawyers announced it had filed a representative claim to the Office of the Australian Information Commissioner, led by Macquarie University academic and Optus legacy customer Sean Foley.

Optus’ owner Singtel has been caught up in its second Australian cyber breach in recent weeks, with details of 20 customers and 1000-plus employees exposed. Picture: Gaye Gerard/NCA Newswire

Similarly to the Optus breach, former Dialog staff have also been caught up in the breach.

In the statement, the company confirmed the breach had taken place some weeks before the Optus hack, however the company failed to detect “unauthorised downloading of data”.

After learning a hacker had breached the company’s cybersecurity, Dialog shut its servers for two days before resuming work, only to later find their staff’s personal details published on the dark web.

“On Saturday 10 September 2022, we detected unauthorised access on our servers, which were then shut down as a preventative measure,” the statement reads.

“Within two business days, our servers were restored and fully operational. We contracted a leading cybersecurity specialist to work with our IT team to undertake a deep forensic investigation and continuous monitoring of the Dark Web. Our ongoing investigations showed no evidence of unauthorised downloading of data.

“We have notified the relevant authorities and are supporting those who may be impacted to protect against the risk of fraudulent activity.”

Dialog was acquired by NCS, a subsidiary entirely owned by Singtel in April. Singtel said that Dialog’s compromised servers remain separate to its own, as well as that of NCS and Optus.