NewsBite

Updated

EnergyAustralia hacked after data stolen from Medibank, Optus

Hundreds of people have had their data exposed in a cyber attack on electricity company EnergyAustralia.

Angie RaphaelAngie Raphael
@AngieRaphael
less than 2 min read
5:52PMOctober 21, 2022.
Updated 6:11PMOctober 21, 2022
NCA NewsWire
Print
Medibank apologises to customers for data hack

EnergyAustralia has become the latest company to fall victim to a cyber attack, with hundreds of people impacted.

The electricity company said the breach involved unauthorised access of the online platform My Account, exposing the data of 323 residential and small business customers.

Accounts include the customer’s name, address, email address, electricity and gas bills, phone number, and the first six and last three digits of credit cards.

Users are now required to implement 12-character passwords, including a mix of capital and lower case letters, numbers and special characters.

EnergyAustralia is the latest Australian company to be targeted by hackers.
EnergyAustralia is the latest Australian company to be targeted by hackers.

Previously, one eight characters were required for passwords.

EnergyAustralia said there was no evidence customer information was transferred outside of the company’s systems.

Identification documentation, such as driver’s licences and banking information, are not stored on My Account.

The incident happened on September 30 and the affected users were contacted by October 2.

Regulatory authorities and government agencies have also been briefed.

Many people have been impacted by recent cyber attacks. Picture: iStock
Many people have been impacted by recent cyber attacks. Picture: iStock

EnergyAustralia chief customer officer Mark Brownfield apologised for the concern caused to customers.

“While this incident was limited in terms of customers affected, we take the security of customer information seriously and have been working hard to put in place additional layers of security to ensure the protection of all customer information,” he said.

“This now includes the implementation of 12-character passwords.

“We recognise the transition to more secure passwords won’t be easy for all our customers, however, this incident and other recent cyber incidents have highlighted this is where we need to go with password complexity.”

It comes after Medibank and Optus were both victims of major breaches.

Medibank said it was contacted by a criminal claiming to have stolen 200GB of data.

Medibank has also been hacked. Picture: NCA NewsWire/Paul Jeffers
Medibank has also been hacked. Picture: NCA NewsWire/Paul Jeffers

Data includes first names and surnames, addresses, dates of birth, Medicare numbers, policy numbers, phone numbers and some claims data.

The criminal claims to have stolen other information, including data related to credit cards, which has not yet been verified.

This cyber incident is now the subject of an investigation by the Australian Federal Police.

Optus has appointed the firm Deloitte to conduct an independent external review of its recent cyber attack, as well as its security systems, controls and processes.

Read related topics:Medibank
Angie Raphael
Angie RaphaelReporter

Angie Raphael has almost two decades of experience as a journalist. Angie began her career in regional and community newspapers, then worked at the Australian Associated Press for 10 years before joining NCA NewsWire in Perth. Angie has specialised in court reporting, politics and entertainment, as well as covering bushfires, shark attacks and other disasters. Fun fact: Angie has never lost a chocolate eating challenge.

More related stories

Original URL: https://www.theaustralian.com.au/news/latest-news/energy-australia-hacked-after-data-stolen-from-medibank-optus/news-story/7fd668f480e8ab0b8c227fd772ed530f