Tuesday, January 19, 2021
Information about recent data security incident
On 9 December 2020, GoldlinQ Pty Ltd (GoldlinQ) was made aware of unauthorised access by an unknown third party to a staff member’s Outlook 365 mailbox.
We were informed that two GoldlinQ mailboxes had been compromised because the relevant credentials (email addresses and passwords for the two accounts) had been made public via public data breaches unrelated to GoldlinQ. The most likely scenario is that the attacker obtained the relevant credentials via these public breaches. GoldlinQ took immediate steps to address the breach, and investigations show that some personal information was accessed by the third party with the intent of effecting fraud.
GoldlinQ engaged a specialist consultant to assess the unauthorised access and the consultant advised access was gained from at least 8 December 2020.
GoldlinQ’s internet service provider arranged for a change of password, confirming that the unauthorised access ceased on 9 December 2020 and no further activity has occurred since this date.
At this stage we have only limited information as to the nature and extent of the breach (including which individuals, if any, may have been affected). It is possible some of your personal information was involved. Anyone who is a supplier to GoldlinQ, has other commercial dealings with us or is a contact of the organisation may be affected.
We are still investigating the incident; however, out of an abundance of caution we have decided to issue a public notification concerning the incident so you can take steps to protect your personal information.
What we are doing
Our internet service provider has since assured us that our systems are safe to use and that the previous threat posed by the third party has been contained and eradicated. You can continue to liaise with us as normal.
Following the incident, we have taken immediate steps to protect the information and to rectify the situation. We have a team of experts working to identify how the data may have been compromised and what steps can be taken to prevent a reoccurrence. We are working with relevant authorities to quickly address the data breach.
We sincerely apologise to our contacts and suppliers who may be affected by this incident.
What sort of personal information may have been compromised?
If any personal information was affected, it could include personal details that have been provided to us for the purposes of commercial dealings or transactions with us, or other general communications with us. This could include contact details, financial details and/or other identifying information.
At this stage, we suspect the third party intended to use the information gained to effect fraud; however, we have no evidence that any fraud actually occurred.
We do not believe any sensitive information, tax file numbers, or health information was affected. If you have never had any contact or involvement with GoldlinQ, we do not believe you have been affected by this incident based on our investigations.
Immediate steps we recommend you take
If you are a contact of GoldlinQ and/or believe we may hold contact information related to your dealings with us:
• Change email account passwords.
• Enable multi-factor authentication where possible.
• Ensure you have up to date anti-virus software on any device you use to access your emails.
• Do not open attachments or click links in emails or social media messages from strangers or if you are unsure that the sender is genuine.
• Do not provide personal information unless you are certain about who you are sharing it with. For example, if someone calls you from an agency (such as a telco), hang up and call the company back using details from their website.
If you transact with GoldlinQ, are a supplier of ours or have other commercial dealings with us and/or believe we may hold your financial information:
• Change online banking passwords.
• Monitor bank account transactions and account statements. Report any unknown transactions to your bank immediately.
We have provided the above information to the Privacy Commissioner as required under the Privacy Act 1988 (Cth).
Should you have any comments or queries please contact us directly on 07 5570 9700 or email firstname.lastname@example.org.