An Australian energy company has admitted it is the latest to be hit by a “cyber incident” just days after one of Australia’s largest health insurers revealed customer’s personal details had been stolen.“The incident resulted in the exposure of data for 323 residential and small business customers,” the company said.
“My Account includes the customer’s name, address, email address, electricity and gas bills, phone number and the first six and last three digits of credit cards.
EnergyAustralia said there was no evidence the personal information had been transferred outside of the company’s systems.
Identification documents, including driver’s licences, passports and banking information, are not stored on the platform and remain secure. No other EnergyAustralia systems were affected.
EnergyAustralia chief customer officer Mark Brownfield on Friday apologised to the customers and the concern it may have caused.
“While this incident was limited in terms of customers affected, we take the security of customer information seriously and have been working hard to put in place additional layers of security to ensure the protection of all customer information,” a statement read.
“This now includes the implementation of 12-character passwords. We recognise the transition to more secure passwords won’t be easy for all our customers, however, this incident and other recent cyber incidents have highlighted this is where we need to go with password complexity.”
EnergyAustralia is the latest company to fall victim to a cyber attack after Optus and Medicare were both victims of major data breaches.