Australian Phishing Incident, 9 October 2022

The Costa Group, Australia’s leading grower, packer and marketer of fresh fruit and vegetables, has been hit by “a malicious and sophisticated IT phishing attack”

The attack could have resulted in passport, bank and superannuation details being leaked, as also tax file numbers

Company Statement: Costa Cyber Attack
Source: Leading fruit, veg grower Costa Group leaks data after phishing attack | iTWire

View more incidents from Victoria and the Agriculture and Farming sector.

The Costa Group, Australia’s leading grower, packer and marketer of fresh fruit and vegetables, has been hit by what it describes as “a malicious and sophisticated IT phishing attack” which could have resulted in passport, bank and superannuation details being leaked, as also tax file numbers.

In a statement dated 6 October, the company said the attack had taken place on 21 August and it had commenced a review and recovery process with external security consultants from that date onwards.

“As a result of this we have now established that access to data was confined to a single server at the Costa Corindi (NSW) site, which holds data for the berry category, and that only approximately 10% of the data on the Corindi file server was accessed,” the statement said.

Initial protective actions slowed operations, requiring the use of manual workarounds at certain sites and delayed some deliveries. The impacts have largely subsided as we have restored the majority of our network and systems and there was no loss of data, and no material impact to operations, or earnings.

The information was collected in the first instance to satisfy certain laws relating to the employment of citizens and non-citizens and has been retained as per relevant record retention requirements.

Costa has notified the relevant authorities of this attack, including the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.