We think it is important to let you know that, unfortunately, we were recently the victim of a ransomware attack and it is possible that information we held may have been stolen. We are notifying you as a precaution, so you can take steps to protect your information from any risk of misuse.
Our internal servers were the subject of a sophisticated ransomware attack by a group known as DarkSide in the early hours of 21 April 2021. As you may have heard, DarkSide is a “professional” ransomware group widely reported to have been behind malicious attacks on the Colonial Pipeline Company, Toshiba Tec Corporation and many others in recent months.
It is common for ransomware attackers to take copies of information from a target’s system before encrypting it, and DarkSide is reported to operate in that way. We therefore have to assume that information may have been stolen by the hackers, although unfortunately we have been unable to determine the extent of any information theft.
We deeply regret any inconvenience or concern caused by this incident.
What information was involved?
The information the hackers may have stolen includes:
- customer names, addresses, contact details (eg phone numbers, email addresses and the name of any customer representative), contract information and order information; and
- the names, addresses, contact details (eg phone numbers, email addresses and the name of any supplier representative), contract information, order information and bank account information of people (including companies) who supply goods or services to us.
We do not believe that information held in our systems which run on servers outside BLK has been compromised. In particular, we do not believe that usernames and passwords for BLK’s online ordering system, or credit card or other payment information which may have been input into that system, have been stolen.
Our policy has been to discourage people from providing credit card information to us by email, and to promptly delete any emails which do contain credit card information. However, we believe the hackers may have obtained access to our email archival system, so unfortunately it is possible that information provided to us by email may have been compromised.
How have we responded?
As you would expect, we reported the attack to the Australian Cyber Security Centre (the Federal Government’s lead cyber security agency) and we have worked with external information security experts to contain the incident and investigate the extent to which any information has been compromised. We intend to assist any law enforcement investigation.
We have decommissioned the affected servers and are in the process of moving to managed off-site servers housed in high security data centres, and installing additional hardware and software to provide increased protection for our network. Regrettably, cyber-attacks are a fact of life in today’s world, and we will work diligently to continually improve our systems and keep your data as safe as possible as new threats emerge.
If any further information about the attack on us comes to light which is significant to our customers, suppliers or anyone else we deal with, we will communicate with anyone who is potentially affected.
What should you do?
Given the types of information which may have been stolen, please be alert to the possibility of “phishing” and similar scams. Commonly, these scams work by someone contacting you (by email, telephone, SMS, etc) and trying to trick you into providing them with information, such as your credit card details, by claiming to be from a legitimate business which needs to verify or update your information. The scammer may try to win your trust by using stolen information to give you the impression they are legitimate because they already know information about you. For more information about phishing scams and how to avoid them, please see the Australian Competition and Consumer Commission’s Scamwatch website at https://www.scamwatch.gov.au/types-of-scams/attempts-to-gain-your-personal-information/phishing
Please also be alert to any possibility of anyone fraudulently applying for credit in your name or otherwise pretending to be you. Thieves can often find out a lot about you from publicly available sources anyway, and any stolen information just adds to the information a thief may be able to access. The Office of the Australian Information Commissioner has more information about this sort of fraud, including how you may be able to obtain a free credit report or put a ban on your credit report, at https://www.oaic.gov.au/privacy/data-breaches/identity-fraud/
If you receive any email which appears to be sent by us or on our behalf which seems at all unusual, do not click on any links in the email and do not reply to it. Please forward a copy of the email to us at firstname.lastname@example.org so we can check it.
While we do not believe user account names and passwords for our online store have been compromised, as a precaution you may wish to change your password. If you have used the same account name and password for other systems, you may wish to change your password for those systems too.
To help protect your online identity, you may also wish to consider using specialist digital identity protection software and services. There are a number of commercial options available, and information about them can be found online.
If you have ever provided your credit card information to us by email, if your credit card transaction history contains any unexpected or suspicious transactions, or if you have any other concern that your credit card information may have been misused, please contact your bank or credit card provider immediately and follow their advice.
You may wish to visit the Australian Competition and Consumer Commission's Scamwatch website at https://www.scamwatch.gov.au/get-help/protect-yourself-from-scams/ for general tips on identifying and avoiding scams.
You may wish to visit the Office of the Australian Information Commissioner’s website at https://www.oaic.gov.au/privacy/your-privacy-rights/tips-to-protect-your-privacy/ for recommendations on how to protect yourself and your information.
You may wish to visit the Australian Cyber Security Centre’s website at https://www.cyber.gov.au/ for information about protecting yourself online and alerts about new threats in the digital world.
If you have any questions, please contact us at email@example.com.
BLK International Pty Ltd
26 May 2021