This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Certis Security Australia

Summary

Certis Security Australia suffered a breach of its email systems in November 2023 when personal information of some employees and partners was accessed by an unknown third party. The company stated that no customer data was affected. The breach was potentially linked to ransomware delivered via a phishing email, prompting the organisation to engage cybersecurity experts for investigation and remediation.

What Happened

Certis Security Australia's email systems were compromised by an unknown third party in November 2023. The breach appeared to have originated from a phishing email that potentially delivered ransomware to the organisation's systems.

The attack targeted the company's email infrastructure, allowing unauthorised access to communications and information stored within compromised email accounts. The incident was contained to email systems rather than affecting broader operational or customer-facing systems.

Impact on Individuals

The breach exposed personal information of some Certis employees and partners, including names, addresses, dates of birth, phone numbers, and Tax File Numbers. The inclusion of Tax File Numbers made this breach particularly concerning, as these identifiers can be used for identity theft and fraudulent tax activities.

Certis Security Australia emphasised that no customer data was affected by the breach, limiting the impact to internal personnel and business partners. However, the sensitivity of the exposed employee data, particularly Tax File Numbers, created significant privacy and security risks for affected individuals.

Organisational Response

Certis Security Australia took proactive measures in response to the breach and engaged cybersecurity experts to investigate the incident and implement remediation measures. The company worked to secure its email systems and prevent further unauthorised access.

The organisation notified affected employees and partners of the potential exposure of their personal information. Certis also clarified that customer data remained secure, helping to maintain confidence among its client base in the security services sector.

Verification Source: View original statement