Data#3 says it has been hit by a non-notifiable cyber incident

Company has made contact with 28 of its impacted customers and says its ongoing operations are fine.
Written by Chris Duckett, Contributor

Australian IT vendor Data#3 informed the ASX on Thursday that it had experienced what it dubbed as a "cyber incident".

"Data#3 Limited advises that it has experienced a cybersecurity network incident, involving an overseas third party, which is currently under investigation," the company said.

"Data#3 has made direct and proactive contact with the 28 customers who have been impacted. Pending the outcome of the investigation, Data#3 may need to take further steps in response to the incident."

In addition to the notice saying the company had contacted the 28 customers that were impacted by the event, it said it was working with a forensic investigator to report on the incident.

Data#3 added its current advice said the event did not need reporting to the Office of the Australian Information Commissioner, as required by Australia's Notifiable Data Breaches (NDB) scheme for breaches that are likely to result in "serious harm". However, the incident was clearly deemed significant enough to inform the stock market.

Need to disclose a breach? Read this: Notifiable Data Breaches scheme: Getting ready to disclose a data breach in Australia

A fortnight ago, Australian job site Seek said it suffered an "internal technical issue" which resulted in users seeing details from other users when logged in.

"We identified an internal technical issue that occurred during a 23-minute period on Monday 10 August 2020," the company told ZDNet at the time.

"During that time period, due to a cache error, incorrect information such as career history and education was able to be viewed across profiles logged in at that time."

Seek said that no names, contact details, or resumes of candidates in Seek profiles were impacted. It added the error impacted fewer than 2,000 Seek profiles, as well as 206 job applications that were being submitted during the period.

The job site said it did not view the incident as a notifiable data breach.

Earlier in the month, Data#3 reported for the full year to June 30 that it saw strong growth in public cloud and software licensing revenues. For the fiscal year, the company reported net profit after tax of AU$23.6 million, up 30.5% from last year's AU$18 million, and earnings before interest and tax being up 32.3% to AU$34 million.

Revenue increased by 15% to AU$1.63 billion, which included AU$581 million of public cloud revenue that lifted by 60.4% from AU$362 million, and AU$985 million of software revenue, which increased by 25% for the period.

Related Coverage

Seek apologises for 'internal technical issue' that exposed user details

But it has no intention of reporting the issue as a notifiable data breach to the Office of Australian Information Commissioner.

1,050 data breaches reported to Australian commissioner in 12 months

As health continues to hold crown as most breached sector in Australia.

Put privacy protections in IPO agreements if Australia hands data to other nations: OAIC

Should an agreement between Australia and a nation without similar privacy protections be struck under the IPO Bill, the OAIC wants clauses added to bring the lagging nation forward.

Lion faces further 'setbacks' as it recovers from ransomware attack

ZDNet understands data purporting to be from Lion is available on the 'dark web'.

Toll's stolen data finds itself on the 'dark web'

Follows the company in January revealing it would revert to manual processes following a ransomware incident.

Editorial standards