Select Page

Incident: EnergyAustralia portal compromised, details of 323 customers leaked | iTWire

Incident: EnergyAustralia portal compromised, details of 323 customers leaked | iTWire

Australian Energy Utility Incident, 23 October 2022

Electricity and gas retailer EnergyAustralia has disclosed a breach of its MyAccount platform

The company says affected 323 small business and residential customers and was automated through use of a password bot

Company Statement: Frequently Asked Questions – My Account password update and cyber security
Source: EnergyAustralia portal compromised, details of 323 customers leaked | iTWire

View more incidents from EnergyAustralia and the Utilities sector.

In a statement issued on Friday, the company said the breach had taken place on 30 September and it informed customers the following Sunday. The platform was taken offline after the breach was discovered. All customers impacted were contacted on Sunday, 2 October, by SMS and email and were advised to call our contact centre from 9.00am on Monday, 3 October. Follow-up outbound calls to affected customers were also made during the week.

The MyAccount platform stores customers’ names, address, email address, electricity and gas bills, phone numbers, and the first six and last three digits of credit card numbers. The company added that identification documents, such as passport details or drivers’ licence details, were not stored on the platform.

The company has now implemented 12-character passwords for MyAccount users which should have a mix of capital and lowercase letters, numbers and special characters. Prior to the incident, eight-character passwords with a mix of capital and lowercase letters and numbers were used. “However, this incident and other recent cyber incidents have highlighted this is where we need to go with password complexity.”


About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More Australian News

Weekly Australian News and Monthly Incident Review Emails

No advertisements, marketing, sales, or unsolicited emails. Your email address is ONLY used to send the publications listed above.

* indicates required

Share This