Australian Energy Privacy Breach, 15 May 2024

Victorian energy provide Sumo Energy slammed by data breach, as energy and internet customers have details leaked

Personal details of approximately 40,000 customers were compromised, including approximately 3,000 Australian passport numbers

Company Statement: Sumo Data Breach
Source: Sumo slammed by data breach, as energy and internet customers have details leaked | SHM

View more incidents relating to the Utilities sector and from Victoria.

Australian utility provider Sumo has suffered a data breach, the company has confirmed, with customers’ personal information, including credit scores and licence numbers, posted online.

Sumo executive chairman Kel Fitzalan emailed customers on Wednesday, apologising and informing them that an issue with a “third-party file storage application” had caused the breach. According to Fitzalan, information taken included full names, addresses, dates of birth, mobile phone numbers, credit scores and licence numbers. Sumo, which is headquartered in Victoria, is thought to have more than 60,000 customers across its electricity, gas and internet products.

“On Monday 13 May 2024, Sumo became aware of an incident where customer data was accessed by an unknown person via a third-party file storage application used by Sumo. We can confirm that none of Sumo’s systems were affected.

Sumo has sent email notification to just over 40,000 people that Sumo has identified so far who have been impacted. If Sumo does not have an email address or the email address Sumo has is invalid, Sumo will send a letter.”

A poster – who goes by the forum name “OriginalCrazyOldFart” – also linked to a site hosting details of a vast number of accessible Amazon web buckets, where the bulk of the data was stored.