Perth Mint

Perth Mint visitor contact information was unlawfully accessed after market research company Metrix Consulting fell victim to a phishing attack, exposing approximately 1,480 visitors' personal details.

What Happened

On 28 January 2020, Metrix Consulting informed Perth Mint that one of its staff email accounts had been unlawfully accessed by an unknown third party through a phishing scam. A file containing visitor contact information was being stored by Metrix Consulting for research and data analysis purposes. This file was attached to one of numerous emails forwarded as part of the unauthorised access.

The compromised information included names of approximately 1,480 visitors, with many records also containing email addresses, home addresses, and phone numbers. The breach occurred entirely within Metrix Consulting's systems; Perth Mint's own IT infrastructure was not compromised.

Impact on Individuals

Affected visitors faced potential risks of receiving phishing emails or unwanted marketing communications. The exposure of contact details could enable social engineering attacks, though no financial or identity information was involved.

Organisational Response

Perth Mint Acting CEO Jane King confirmed affected visitors were notified on 31 January 2020. The organisation reported the breach to Western Australian Police, the Office of the Australian Information Commissioner (OAIC), and the Australian Cyber Security Centre (ACSC) in accordance with Australian privacy law requirements, demonstrating compliance with the Notifiable Data Breaches scheme.