GeelongPort has been the subject of a cyber attack, resulting in a data breach of its electronically stored information such as visitor induction names and driver licences.
As part of the investigation into the data breach, GeelongPort has identified that personal information held in the compromised account relating to port visitors as part of the induction process, may have been available for access by an unauthorised party.
The investigation has found that on or about 18 April 2019, a GeelongPort employee’s email account was breached causing the account’s contents to potentially be exposed to an unknown third party.
The suspected data breach was then identified on 29 April 2019 and immediate steps were taken to disable the email account and further strengthen security.
After the identification, the IT team commenced an investigation into the eligible data breach. The IT team was able to immediately suspend the compromised account and enable additional security measures.
GeelongPort commenced a formal investigation into the cause of the breach and commenced a review of all data in the account. In conjunction with its IT supplier, further steps are being taken to reduce the risk of any future attacks.
GeelongPort have notified the Office of the Australia Information Commissioner of the incident.