Yesterday, Svitzer Australia advised the MUA that it was the victim of data theft impacting three Australian employees email accounts. Svitzer Australia advised that they had stopped the theft within five hours of becoming aware, however details of some 600 employees were leaked, 400 of those including details such as bank account details and tax file numbers.
The matter involved theft of emails which were being auto forwarded to two external accounts between 27 May 2017 and 1 March 2018.
Svitzer have written to the MUA this yesterday and advised that:
“Since becoming aware of this incident, Svitzer Australia has taken the following actions:
- We engaged advisers, including forensic experts, to assist with identifying the extent of the data theft, and to conduct a comprehensive investigation.
- We made an urgent application to the Federal Court of Australia to block further access to the account through the provider. This process was successful and served this morning.
- We notified the Office of the Australia Information Commissioner and are working with it in relation to this incident.
Svitzer Australia takes employee privacy very seriously. We are taking all necessary steps to ensure we support those affected. want to make it clear that as part of the investigation, and consistent with company policy, no emails have been read by anyone in Svitzer Australia, including management. The investigation is being undertaken by specialist lawyers. Svitzer Australia email accounts are safe to use. Furthermore, the forensic investigation has determined that no other Svitzer applications or systems have been compromised. Since November 2017, all Svitzer systems and servers have been hardened and multi-level authentication access processes have been applied, effectively minimising the risk of similar unauthorised access going forward.”
Assistant National Secretary Ian Bray has been contacted by Svitzer today to advise of the breach. In turn, the MUA National Office has relayed to the Branches that Svitzer have confirmed that they will be doing the following:
- A letter to employees will be sent out
- A letter to the maritime unions will be sent out
- Employees that have been directly affected by the leak will be contacted personally and informed what details of theirs has been leaked.
- No emails that are part of the 50000 bundle of leaked emails will be read by management and will only be sited by the forensic IT company to determine all personal information that has been leaked is identified so those affected can be informed
- The ATO has been briefed and employees who have had their TFN leaked will be asked to contact the ATO to discuss how their personal situation will be managed.
- Svitzer has set up a team in HR to deal with working through each employees requirements to ensure identity theft is managed post haste
- A web site has been set up for all employees to access updates and relevant information. http://www.svitzeronlinehelp.com
Svitzer also advised that they will continue to work with the union and implement all reasonable measures to protect our members private information.
In the first instance, if any members are aware of suspicious activity linked to the data breach, it should be taken up directly with the port manager as well as the Svitzer HR team with the support of your delegate.
If members are facing any hurdles, it should then be referred back to your Branch for assistance. Any higher level issues that cannot be resolved will be taken up directly between MUA National Office and the Svitzer Managing Director.
Paul Garrett MUA