Avocado and berry grower Costa Group said there was a “risk that personal sensitive information of workers on Costa’s Australian berry farms may have been accessed”, including passport, bank account and superannuation details, as well as tax file numbers.

The ASX-listed horticulture business is the latest Australian company to become a casualty of a cyberattack, warning it had experienced “a malicious and sophisticated” phishing attack on its server, which holds data for the company’s berry operations.

Stream more business news live & on demand with Flash. 25+ news channels in 1 place. New to Flash? Try 1 month free. Offer ends 31 October, 2022 >

Phishing scams are attempts by scammers to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers generally by trying to impersonate a reputable source over email.

Costa revealed that employees directly hired by its berry category since 2013 or provided by labour hire organisations since 2019 could have been impacted by the August hack.

“Although only approximately 10 per cent of the data on the file server was accessed, it is not clear what specific data was accessed due to the hacker encrypting their downloads,” the company said in a statement.

The sensitive information had been collected to satisfy certain laws relating to the employment of citizens and non-citizens and has been retained as per relevant record retention requirements, it added.

The Australian Cyber Security Centre and the Office of the Australian Information Commissioner had been notified of the attack and Costa said it had limited traffic to servers, increased the level of end point protection and conducted more training to prevent further attacks.

“To minimise impact to individuals from the attack, we have been and continue to conduct continuous monitoring of the dark web to detect if any information from the server has been posted,” the company said.

“We can confirm to date, that we have not identified the publication of any such information.

“We will seek to notify you promptly if our monitoring processes detect this information via a further website posting on the Costa Group website.”

It comes as a growing list of Australian companies have come under attack.

Tax files numbers, bank account information and medical checks from Australian staff working at a security firm called G4S were stolen and posted online earlier this year.

Then there was the data of about 9.8 million customers caught up in the cyber attack on Optus, which included 1.2 million customers that had at least one form of current and valid identification and personal information accessed by hackers.

More Coverage

Optus issues grovelling full-page ad

Frank Chung

Big offer to hacked Optus customers

Samantha Maiden, Catie McLeod and Ally Foster

Further, there were about 900,000 customers who had numbers from expired identification documents stolen, as well as personal information, Optus revealed.

Telstra and NAB also revealed the names and email addresses of current and former employees were accessed by hackers.

Alarmingly, 85 per cent of respondents from Australian businesses reported they had lost up to 10 per cent in revenue due to security breaches in the last 12 months, according to a report from cybersecurity specialists Trellix, which was formerly known as McAfee.