50,000+ emails, data breach at major Australian shipping company
In what might be the first report made under the new mandatory data breach laws an Australian shipping company has revealed that tens of thousands of it’s emails were auto-forwarded without permission.
We have seen this a number of times where a person’s email becomes compromised and the attacker sets up an auto-forward rule so that they can monitor the victims emails without alerting the victim to what is happening. The information that they learn from this eavesdropping is then used in a future extortion attempt.
The story below courtesy of abc.net.au :
The shipping company Svitzer has suffered a significant data breach affecting almost half its Australian employees.
It is among the first incidents to be disclosed under Australia’s new notifiable data breaches scheme.
For almost 11 months, emails from three Australian employee email accounts were secretly auto-forwarded outside the company. The perpetrator has not yet been identified.
The hack, which began May 27 last year, affected accounts in finance, payroll and operations.
Svitzer’s head of communications, Nicole Holyer, said the company stopped the email theft after being alerted on March 1 this year.
Forensic IT experts have been called in to investigate.
The sensitive personal information of around 500 employees was affected. Svitzer employs about 1,000 people in Australia.
Lost details may have included tax file numbers, superannuation account numbers and the names of next of kin.
Staff are being informed of the breach today.
“Our absolute priority is our employees. We are offering the highest levels of support to those affected,” Steffen Risager, managing director of Svitzer Australia, said in a statement.
About 50,000 to 60,000 emails may have been forwarded outside the company, Ms Holyer said.
The investigation is still ongoing, however, and the company is determining the scope of the hack.
“Svitzer’s IT help desk received a call from an employee about a suspicious email rejection notice from an external email account,” Ms Holyer said.
“We then identified, after an investigation, that an email rule had been created on three Svitzer Australia employee accounts to automatically forward emails to two external email accounts.”
Ms Holyer said the perpetrator also introduced supporting rules to delete the forwarded emails.
The compromised email account owners couldn’t see that their emails were being forwarded.
The perpetrator of the data breach has not yet been identified.
“We’ve ruled out that it was someone internally,” Ms Holyer said.
As part of its investigation, the company also served a court order today to the company that hosted the external email addresses to grant investigators access.
Ms Holyer could not name the email provider, but clarified that it was one that many people used.
Svitzer, which is part of the Danish shipping conglomerate Maersk Group, employs about 4,000 people globally.
In June 2017, Maersk’s IT systems were infected by the NotPetya ransomware as part of the global cyberattack.
Svitzer incident not typical
Security analyst Troy Hunt, who runs the website Have I Been Pwned?, which allows people to search whether their personal details have been lost in a data breach, said the Svitzer situation was not a typical one.
“Most of the data breaches that I deal with … are malicious attacks against systems where large volumes of data are taken,” he said.
“We’re sometimes talking hundreds of millions of records in one go.”
In this case, the exfiltration appears to have occurred record by record.
“It is a little bit unusual to see information filtered out this way,” Mr Hunt added.
“One of the interesting things here is that many organisations configure their mail environment such that you cannot forward automatically to external addresses precisely because of things like this.”
Under Australia’s notifiable data breaches scheme, which went into effect in February, companies must disclose such incidents to the Office of the Australian Information Commissioner.
Companies or government agencies must reveal a breach if the data includes personal information that is likely to result in serious harm.
Ms Holyer said the OAIC was informed today.
There were 15 days between the breach being discovered and disclosed to the OAIC, and Mr Hunt said this is one of the gripes he has with the new scheme.
Companies generally have a maximum of 30 days to conduct an assessment once a breach is discovered.
In May, Europe is implementing data breach rules in the General Data Protection Regulation, he pointed out.
“That prescribes 72 hours [that companies have until disclosure to the supervising authority]. That is a tenfold difference.”
An OAIC spokesperson confirmed Svitzer provided a data breach notice today.
“The OAIC will assess the information in the notification and decide if any further action is required,” she said.
Our Services
Managed IT Support
Our fixed price Managed IT Support Programs will increase your businesses competitiveness and efficiency with our I.T. Professionals on call for you 24/7.
Same Day On-Site Support
Class leading response times ensure your that when things do go wrong we’ll be there in a hurry so you can get on with doing what your business does best.
Security and Data Protection
Custom designed security and data backup systems protect your business from emerging threats and gives you peace of mind.
Hardware and Software
We supply, install and maintain hardware and software from all major vendors including Hewlett-Packard, Microsoft, IBM, Intel and Dell all with our 30 day reconfiguration guarantee.
Testimonials
Your work last week was amazing. You couldn’t have been more supportive or expert in your conduct. I am very grateful and am amazed at your generous invoicing of last week’s work. I can only repay you by recommending you to as many people as possible.
Thank you. It is refreshing to know that when a problem occurs, you are always there – with great service.
Keran
My business has grown from 3 stores to 5 stores over the last 3 years; one of the unfortunate consequences of this has been the fact that our old server and network could not cope with the growth. After much deliberation we chose Australia Wide I.T. to not only arrange the supply and installation of our new network, but to also provide long term support. We have been very pleased with our decision and would happily recommend them.
Bruce
Attentive and thorough, Australia Wide I.T. get onto any of our I.T. problems quickly – with prompt, friendly and efficient service. Whenever we need to upgrade, we know we can trust their knowledge in supplying flawless new equipment that always works both physically, and to suit our needs.
Alison
A very big thank you from me to all of the guys there….You make things so easy for us and are always available to help.
A massive shout out to the Nash though for fixing our printer – you nailed it Nash and not only changed MY life, but also helped to save some trees in the Amazon Forest!
Thanks to you all.
Jo
All good as usual, keep up the professional service.
Diana
The team at AWIT deliver nothing but breathtaking service!!!!
Brett
They’ve gotten to know our business so well and they’re truly interested in helping us. It’s like having our own I.T. Department in-house. Australia Wide I.T. takes a personal interest in our team, our business and where we’re going. They’re like family.
Other I.T. companies just didn’t seem to have the same depth of knowledge as these guys. Rather than blame the user (us) they go the extra mile, locate the problem and fix it – Every time!
Coral
Thanks for all your help today. Your patience & tenacity for solving the problem is greatly appreciated.
Jacinta
Very much appreciate your very quick response today. It was pay day today and I was a bit worried (that we wouldn’t be able to process the pays) but because of you all is well, so a big thanks.
Dale
We would recommend you to anyone, anytime.
Thank you all so very, very much for all your support. Not to mention bringing back my files to my Company. I cannot thank you guys enough.
Thanks again.
Leigh