The Western Australian Perth Mint recently caught up in a data hack that compromised its customers’ data. According to an official statement, people behind the breach possibly obtained information relating to 13 customers of the mint’s precious metals depository online trading platform from a third-party provider.
“We identified the potential breach on Wednesday this week and immediately began a comprehensive forensic investigation to verify the nature and extent of the breach,” Perth Mint Chief Executive Richard Hayes said in a statement. “We are working with the external third-party provider to understand how this breach occurred and have taken steps to remediate the identified threat.”
Hayes clarified that the ongoing investigation has confirmed all investments at The Perth Mint are secure.
“We are in the process of contacting each of the customers whose data has been accessed. We sincerely regret any distress caused by the misconduct of these unlawful individuals who are responsible for this breach. We have assured these customers that their investments remain safe and secure,” he added.
The Perth Mint is working with the Western Australian Police and Australian Federal Police for investigating on the incident and also notified the Office of the Australian Information Commissioner. Hayes stated that they are monitoring the situation and informing its depository online customer base for further protection.
“We are very disappointed this has occurred but can assure our customers that our systems remain secure and that there is no threat to their account holdings,” Hayes said.
On July 3, 2018, an inspection by the Australian National Audit Office (ANAO) exposed the failure of key Australian government agencies to implement cybersecurity requirements. The ANAO’s fourth report on the cyber resilience of government departments and agencies stated that except the Treasury Department, both the National Archives and Geoscience Australia failed to implement the top four mandatory cybersecurity strategies instructed by the Australian Signals Directorate (ASD). The top four mandatory strategies include application whitelisting, application patching, OS patching, and the control of administration rights.
