Victoria residents’ data could be exposed after a tech company working with some state departments fell victim to a cyberattack.
PNORS Technology Group, which owns five companies, confirmed that an attack on two of its companies – Datatime Services and Netway Networks – had been discovered on November 3rd.
WATCH THE VIDEO ABOVE: Victorians’ data is at risk after a cyberattack on a tech company.
Watch the latest news on Channel 7 or stream for free on 7plus >>
Datatime Services deals with digital document management, while Netway Networks specializes in managing IT services for companies.
“The affected PNORS Technology Group companies are engaged in document and data capture, digital conversion and managed IT support for a range of external customers, including government agencies,” said Paul Gallo, CEO of PNORS, in a statement.
“In the early hours of Saturday, the criminals behind the cyberattack provided the company with a sample of allegedly stolen data in a private communication.”
A spokesman for the Victorian Department of Premier and Cabinet (DPC) said the government was aware of the incident.
“We continue to support the PNORS Technology Group in determining the extent of the data breach and preventing further incidents,” the spokesman said.
Once the cyberattack was identified, PNORS notified affected customers, contacted state and federal police, and hired outside cybersecurity experts, the technology company said.
The Office of Australian Information Commissioner has also been notified.
Cyber Attack Investigation
Gallo said the extent of the breach is still under investigation.
“We are working closely with all authorities to assess how many of our customers have been affected and what type of data has been stolen,” he said.
“The advice of our independent security experts has confirmed that nothing is publicly available at this time.
“When we were informed of the cyber attack, we immediately shut down and isolated all of our internal systems and took other measures to secure our network and data, as well as halting all data processing.”
The DPC spokesman said the Victorian Government’s Cyber Incident Response Service had been notified.
“Protecting Victorian data and systems is our top priority,” the spokesman said.
“If it is determined that Victorian Government data has been disclosed as a result of this breach, the departments will notify data subjects and provide advice on steps they can take to mitigate risk.”
The potential compromise is the latest in a series of cyber attacks targeting Australian businesses.
Optus, Medibank, Australian Clinical Labs, EnergyAustralia, Telstra and MyDeal have all suffered recent breaches.
While it is apparent that the scale and number of attacks have suddenly increased, it was a guessing game to figure out why, Professor Sanjay Jha, chief scientist at the UNSW Institute for Cybersecurity (IFCYBER), told 7NEWS.com.au last month.
Jha said there may be hints that foreign actors are active, but there has been no evidence.
Instead, it’s possible that the “bad guys” viewed Australia as a “soft target” after the major cyber attack on Optus, when the personal information of about 10 million customers was compromised.
“(Hackers) may have started exploring other companies, or it’s possible they stole credentials, and now they probably have (an) easier task of attacking some of the not-so-secure services in different places,” Jha said.
If you would like to see this content, please customize yours .