CYBER-INCIDENT NOTIFICATION

Alsco Australia is advising its valued business partners, and past and present employees that it was the victim of a cyber-attack that it has been investigating and responding to since it was first discovered in early March 2021.

This notice is intended to supplement direct notifications we have issued to certain individuals since we first discovered the attack, and sets out:

  • What we know about the attack.
  • What we have done in response to the attack.
  • What concerned individuals can do to mitigate any potential harm arising from the attack.

We deeply regret that this attack occurred and are working hard to avoid something like it happening again.

In the early morning of Monday, 1 March 2021, we became aware of a “ransomware” attack against us by a malicious third party. As part of the attack, the attacker alleged that it stole personal information held by us. We believe the majority of this information relates to our branch offices in Alexandria, New South Wales and Footscray, Victoria.

We acted quickly to shut down the infiltration, restore operations and prevent any further unauthorised access to our systems. The impact on our business operations was minimal.

We also engaged a third-party cyber-forensics team. That team has been working closely with us over the last several months to ensure that the attack is fully investigated, our systems are secure, and we identify individuals whose personal information may have been impacted.

We have been unable to independently verify the attacker’s allegation that it stole personal information based on the forensic review of our systems. We have not come across evidence to suggest that this information has been published online or misused.

However, based on what we do know and the attacker’s standard practice, we have acted on the cautious assumption that it did steal information from us during the attack.

We have undertaken a comprehensive review of the kinds of personal information that may have been impacted by the attack.

Though this took time, it was important for us to conduct the review to allow us to directly notify potentially affected individuals where we have current contact details, and provide mitigation recommendations tailored to the kinds of personal information impacted.

We believe the majority of personal information impacted relates to our branch offices in Alexandria, New South Wales and Footscray, Victoria, in particular, past and present employees.

While the specific kinds of personal information differ at an individual level, we broadly identified the following kinds of information routinely collected by employers: tax-file numbers; bank-account and superannuation details; Medicare numbers; driver licence details; basic contact details, including names, addresses and e-mail addresses; dates of birth; signatures; and employment-related details, such as salaries, positions and employment terms.

We also identified that some of our business partners’ personal information may have been impacted by the attack. Such information mostly relates to business contact details, such as names, and corporate e-mails and addresses. In some limited cases, we came across credit-card details; those business partners have been contacted directly.

In response to the attack, we have:

  • Notified the Office of the Australian Information Commissioner and kept it up-to-date with our response efforts.
  • Directly notified certain individuals and business partners for whom we have current contact details, and otherwise who we believe may be at risk from the attack.
  • Where appropriate, liaised directly with the Australian Taxation Office (ATO) and Medicare to assist individuals in effecting our harm-mitigation recommendations.
  • Implemented, and continue to implement, measures to further harden our information security as part of our ongoing review of information security and privacy controls.
  • Established a dedicated e-mail address,

It is always a good idea to remain vigilant against threats of identity theft and fraud. While we are not aware of any misuse of personal information that may have been impacted by the attack, below is a list of steps you can take to protect it.

If you are concerned that your personal information may have been impacted by the attack, for example, because you have had dealings with our Alexandria, New South Wales or Footscray, Victoria branches in the past, you should first e-mail us at alscoinformation@alsco.com.au so we can confirm whether this is the case.

  • Call the Australian Taxation Office on 1800 008 540 to notify them of the attack so that they can apply additional protections to your taxation account.
  • Contact your superannuation fund and bank, and ask them what steps you should take in response to the attack.
  • Contact the government agency that issued your driver licence and ask them what steps you should take in response to the attack. In New South Wales, Service NSW can be contacted on 13 77 88.
  • Monitor your financial accounts and check your transaction statements closely. If you come across any suspicious activity, report it to your financial institution immediately.
  • Consider requesting a copy of your credit report to check for any unauthorised loans or applications from Equifax (138 332), Experian (1300 783 684) or Illion (1300 734 806). You may request one free report from these agencies every 12 months.
  • Do not respond to any suspicious emails (or click on any attachments or weblinks), telephone calls or social media communications.
  • Do not provide any personal or financial information to any unknown third party.
  • Enable multi-factor authentication and reset passwords on your online accounts, where possible.
  • Visit https://www.cyber.gov.au/acsc/individuals-and-families, scamwatch.gov.au and https://www.oaic.gov.au/privacy/data-breaches/respond-to-a-data-breach-notification/ for additional information about protecting your personal information.
  • (You do not need to contact Medicare. Where appropriate, we have done this on individuals’ behalf.)