EnergyAustralia customers data exposed after Optus, Medibank cyberattacks by hackers

>

EnergyAustralia becomes the latest victim of a wave of cyber-attacks as it reveals hundreds of customers’ data has been exposed

  • EnergyAustralia said data was released from 323 homes and small businesses
  • The Chinese power giant said the breach was made through its My Account portal
  • Customer accounts contain phone numbers and the last three digits of credit cards
  • The breach is the latest in a series of cyber-attacks targeting Australian companies

<!–

<!–

<!–<!–

<!–

<!–

<!–

One of Australia’s largest energy companies has become the latest victim of a series of cyber-attacks as the private information of hundreds of customers is revealed.

China’s EnergyAustralia announced Friday evening that the personal data of 323 small businesses and private accounts had been hacked.

The breach took place through its My Account portal, the energy company says in statements on its website and social media accounts.

Accounts contain information such as name, address, email address, utility bills, phone number, and the first six and last three digits of credit cards.

The cyber attack comes after the personal data of 11 million Optus and 1 million Medibank customers were hacked in the past two months.

China’s EnergyAustralia issued statements Friday night that the data of 323 small businesses and retail customers had been exposed to a breach

The breach took place through the My Account portal, EnergyAustralia revealed Friday in statements on its website and social media accounts (stock image)

The energy giant, which has 1.7 million electricity and gas customers, mostly in the eastern states, disclosed the breach in a Facebook post Friday.

“Unfortunately, our My Account portal was the target of a cyber incident in September-October 2022, resulting in data exposure for 323 private and small business customers,” the message reads.

EnergyAustralia tried to reassure its customers that the hack had been minimal and that everyone involved had been contacted.

“There is no evidence that information from the 323 customers passed outside our systems during the incident,” the report said.

“No other EnergyAustralia systems were affected.”

The accounts were hacked on September 30 and the affected customers were contacted on October 2.

The energy giant, which has 1.7 million electricity and gas customers, mostly in the eastern states, admitted the breach in a Facebook post titled “Keeping your information safe.”

EnergyAustralia said identification documentation such as driver’s licenses and bank details are not stored in My Account portals (stock image)

EnergyAustralia now requires customers to create 12 character passwords that contain a combination of upper and lower case letters, numbers and special characters.

The energy company said identification documents such as driver’s licenses and bank details were not stored in My Account portals.

The energy giant warned customers not to be fooled by ‘phishing’ scams and fake emails that try to get them to click on real-looking but fraudulent links.

EnergyAustralia hacked – account warning

The data of 323 EnergyAustralia customers was revealed in a new hack of its MyAccount portal.

The company warned customers about the security of their online passwords.

It suggested customers:

  • Create a password of at least 12 characters, with a mix of upper and lower case letters, special characters and numbers
  • Do not use a password that you have used before or for other accounts
  • Don’t share your password with anyone

Source: EnergyAustralia

“At first glance, fake EnergyAustralia emails may seem convincing. They feature our company name, brand logo and colors, and even our ‘View Invoice’ icon which will be familiar to our customers who receive eBills.’

A “phish” is a disguised email that tries to trick you into entering your password on a bogus website or downloading malicious software.

The company’s chief customer officer, Mark Brownfield, apologized for the impact on customers.

“While this incident was limited in terms of affected customers, we take customer information security seriously and have worked hard to implement additional layers of security to ensure the protection of all customer information,” he said.

EnergyAustralia is owned by the China Light and Power Company after it was sold by the Australian government in 2011 for $1.4 billion.

Last month, technology futurist and keynote speaker Shara Evans warned that Australia is an easy target for international hackers.

The tech analyst said one particular weakness was Australia’s habit of sending sensitive data in unencrypted email.

She specifically referred to health care and insurance providers as companies that have substandard practices in retrieving sensitive customer information.

UNSW Institute for Cyber-Security director Nigel Phair agreed that Australia is vulnerable online and said the threat was only growing.

“We need to do much better in Australia when it comes to cybercrime,” he said.

Top 10 Tips From Tech Analysts To Stay Safe Online

Shara Evans is a technology futurist and online security expert. Here are her tips for protecting against hackers

1. Provide basic IT security on devices including antivirus, malware checkers, ransomware checkers, VPN, firewalls.

2. Use different passwords for each website and app. Make them long and complex – uppercase plus lowercase letters, numbers, special characters. Store your passwords in an encrypted password vault.

3. Use two-factor authentication whenever possible (ie: logging into a secure banking portal requires you to provide an authentication code sent to you via SMS or email or requires a SecureID token number)

4. Use multiple email addresses. If you own a domain, it’s easy to set up an email alias (“forwarder”) that names a specific site or type of activity. If compromised, you can disable an email alias address without affecting everything you do. And it will help you identify the source of the leak.

5. Check your credit reports for signs of fraudulent activity – or misinformation.

6. Sign up for a credit/ID protection plan and enter a credit report ban if you have reason to suspect that your ID has been compromised.

7. NEVER click on text or email hyperlinks that you are not absolutely sure are legitimate. Many people get into trouble this way. You can check a compressed link by copying it and entering it into the SEARCH BAR to see what appears. If it is malware, you may see a notification. At the very least check if the source domain looks suspicious, in that case don’t click on it!

8. When uploading sensitive information to a website portal, check for the lock icon (https) – this means that your data is encrypted ‘in transit’ when uploaded to the website. The cybersecurity practices of companies vary widely.

9. If someone calls you and says they are from company X, NEVER give them any information unless you know them and are already expecting a call from a specific phone number or person.

10. NEVER publish your date of birth online! If you have it on social media, REMOVE it now. Unless you’re making an official financial transaction, there are very few good reasons for any party to know your real date of birth, let alone record it.

Related Post