
Incident: RCR Tomlinson sat on staff data breach for three months | AFR

Australian Information Security Incident Reported: August 19 2018
Engineering group RCR Tomlinson took three months to notify the Office of the Australian Information Commissioner that employees’ personal data, including bank account numbers and credit cards, had been accessed in an internet scam despite new laws requiring companies to inform the regulator in “a timely manner.”
Source: RCR Tomlinson sat on staff data breach for three months
OAIC Breach Notification Form: https://www.oaic.gov.au/resources/about-us/access-our-information/foi-disclosure-log/notifications/foireq18-00114-documents.pdf