Australian Information Security Incident Reported: August 19 2018

Engineering group RCR Tomlinson took three months to notify the Office of the Australian Information Commissioner that employees’ personal data, including bank account numbers and credit cards, had been accessed in an internet scam despite new laws requiring companies to inform the regulator in “a timely manner.”

Source: RCR Tomlinson sat on staff data breach for three months

OAIC Breach Notification Form: https://www.oaic.gov.au/resources/about-us/access-our-information/foi-disclosure-log/notifications/foireq18-00114-documents.pdf