Australia Post on Thursday experienced a handful of failures across its business, with reports people were receiving parcels not addressed to them and the addressees unable to redirect the delivery online.
The postal service's online portal went down, with a message reading, "We're updating this right now. Won't take too long. Please try again later." when customers attempted to track the status of their delivery.
The notice was later updated to confirm technical issues were behind the downing of its parcel tracking system.
Customers were reporting problems with Australia Post since just after 10:00am AEST.
On Twitter, Australia Post said it was aware of issues across its tracking website and associated apps and that it was "working hard to get the tracking back up and running as soon as possible and apologise for the inconvenience caused".
"We're currently experiencing technical issues which are impacting parcel tracking. We are working hard to resolve this issue as quickly as possible," a notice on the government-owned entity's website reads.
"We will provide updates as details are confirmed and apologise for the inconvenience."
Australia Post told ZDNet the technical issues were not malicious in nature.
"We're currently experiencing technical issues which are impacting parcel tracking. This is related to an update made to our tracking tool this morning and is not malicious in nature," a spokesperson said.
They followed up by saying the issue was resolved at around 6:30pm AEST on Thursday.
Earlier on Thursday, the organisation published its financial results, seeing group profits before tax climb 30% to AU$53.6 million.
Revenue also increased over last year by 7% to reach AU$7.5 billion. Australia Post said its revenue increase was boosted by further e-commerce growth during COVID-19, accounting for growing losses in its letters business.
Domestic Australia Post branded parcels rose 25% to just over AU$2.4 million.
"In the second half of the year parcel revenues were boosted by the continued growth of e-commerce as consumer demand grew as families adapted to lock down restrictions and more businesses went online as their physical stores hibernated," Australia Post said in delivering its results.
"And while the growth in e-commerce has been a strong driver behind this year's financial result, we have had to make changes to ensure our workforce and network can operate as efficiently and safely as possible. The pandemic has also severely impacted our ability to deliver across the country on time."
The postal service was previously labelled by the Australian National Audit Office (ANAO) as not effectively managing cybersecurity risks, with a report highlighting weaknesses in its implementation of a risk management framework.
Since the recommendations were made, chief information security officer Glenn Stuttard said Australia Post has taken a number of steps to rectify this, such as conducting maturity level assessments against the Essential Eight controls for mitigating cyber attacks, reconfirming its critical application list and control scope for assessment of business critical and security ranked critical applications, and conducting reviews internally.
In May, Australia Post said it had seen around 300 cyber incidents since January, but that none were enough to cause it to suffer the same fate as the likes of Toll.
Stuttard at the time said from January 1 to March 30, the organisation had no incidents that were considered to be of "extremely high" impact.
"But we did respond to over 300 individual cyber incidents that we see in our systems and most of those come from things like SMS phishing campaigns," he said. "Text messages that bad actors might send to you try and get you to click on a link and give up your credentials and similarly through email phishing campaigns, so we're dealing with these types of things on a daily basis, and defending those."
He said it was quite a substantial number and that the postal service didn't have any "high" or "extreme" impacts over that period of time.
Stuttard said Australia Post has not specifically seen any evidence in the past few years of state actors attempting to "hack" or "attack" its systems. But he did say there would be a substantial disruption to its functions should it fall victim to a serious attack.
Updated at 3:30pm AEST, 28 August 2020: Added remarks from Australia Post.
MORE FROM THE POSTAL SERVICE
- AusPost reported 300 cyber incidents this year, but nothing to cause major disruption
- AusPost touts 'business-led cybersecurity risk culture' ahead of committee probe
- Australia Post a 'trusted' service provider for government identification
- Australia Post looks to peer endorsement for Digital ID
- Geoscience Australia embedding staff within Australia Post to learn its 'culture'
- Sorry we missed you: Australia Post pondering blood deliveries by drone
- Australia Post wants more of your data than it already has
- Australia Post details plan to use blockchain for voting