Cyber security issues are continuing to grow at an alarming rate. With so many accessing the internet daily, the risk of online crime, stolen information, and exploitation is rising.
Gelos Enterprises, a leading Australian organisation that offers services to Australian businesses, has engaged with Data Trust, a cyber security specialist company, to undertake security testing and audit their cyber security procedures and protocols. They have also been asked to research and report the nature of any cyber security issues impacting their organisation, including the likely causes of all identified issues.
Gelos Enterprises suspects they may have a data breach through a publicly exposed system or service.
Unfortunately, a data breach would mean that the attackers may now have access to data, including details of customers’ personal information.
Gelos Enterprises is concerned that a smaller group of customers may also have stolen their home addresses and government ID, such as passports and driver’s licence numbers. The risk to customers who may have had these official identification documents stolen is huge, largely because hackers can use these documents as identification to apply for a loan or other financial services. Identity theft can have severe ongoing consequences for a person’s finances and credit score.
Gelos Enterprises estimates that the worst-case scenario could mean that up to 3.4 million customers may have their data compromised due to the attack, with 1.38 million severely impacted. Gelos are also concerned that 15,000 valid driver’s licence numbers may have been exposed, including 10,000 customers with highly sensitive personal information such as passport numbers are also exposed and are now at risk.
Incident details
Working from home after a long weekend, Fernando Remi, a senior consultant with the Gelos Enterprises Operations Team, could not access the Gelos network. After multiple attempts, he could finally log on; however, the system was very slow and eventually shut down. This raised concerns for Fernando, who mentioned it to his manager, Chris Smith, who suggested he report the issue to the organisation’s Security Administrator, Lee Dowling. Lee was prompt to respond and wasted no time investigating the issues Fernando described.
After his initial enquires and review, Lee discovered that there’s a high probability that Gelos Enterprises may have experienced a data breach. Lee’s concern is further elevated because highly sensitive customer information may have been compromised.
Upon further investigation, Lee also found that the security controls failed to meet the required organisational standards as most of the software was outdated. Furthermore, he identified that the security patches also need updating. From his findings, Lee concluded that the likelihood of an infected malware was extremely high.
Using his administrator privileges, Lee attempted to rectify the issues himself, to no avail. He then discussed the issues with his colleague Lucas Isaaks from the ICT department, who advised him to report the issue to the IT Security team as soon as possible.
The IT Security Team were immediately alerted, and it was decided that Gelos Enterprises would engage with Data Trust to audit their cyber security procedures and protocols and run thorough security testing.
Leave a Reply