Another Australian firm hit by data breach

Another Australian firm hit by data breach

Another Australian firm hit by data breach | Insurance Business Australia

Cyber

Another Australian firm hit by data breach

Cyber insurers and brokers have another example to send to their clients

Cyber

By
Roxanne Libatique

Another Australian firm – Early Settler, a furniture retailer – has been bit by a data breach, an example that cyber insurance companies and brokers may send to their clients to emphasise the importance of staying protected against cyber risks.

In an exclusive report from Cyber Daily, Early Settler confirmed a data breach that resulted in customer names and contact details being posted on a hacking forum.

“Earlysettler.com.au (esrgroup.com.au) is a big furniture and retail company in Australia,” worry posted, under the title “Earlysettler.com.au 1m.”

The user added: “Dumped in July 2024 by me, total users 1.1M. Contains full names, emails, phone, address, dob, etc.”

The hacker provided a link to sample data, mostly comprising internal loyalty rewards information, customer reference numbers, and several survey results. Most fields in the sample data were empty.

While some email addresses had been exposed in prior data breaches, others were unique to this event. The data was listed for sale at US$2,000, with contact details provided for potential buyers.

Early Settler addresses data breach

An Early Settler spokesperson confirmed the breach.

“Early Settler has become aware that a third party has named our company online alongside claims they have accessed some of our customers’ contact information. We understand this news may cause concern and wish to assure our customers that we are investigating this as a priority, including a review of our security systems as a precautionary measure,” the spokesperson told Cyber Daily.

See also  Insurance Business reveals tie-up with LAAIA and APIW

The spokesperson said that the breached data includes names, phone numbers, email addresses, delivery addresses, and dates of birth. However, they stressed that no payment details were compromised, as the company does not store credit or bank card information.

The breach involved data from an archived database dating back to July 2022, with no customer information from beyond that date affected. The dataset includes complete dates of birth for a small number of customers and month of birth for some.

“We apologise for any concern that this news may cause and would like to assure our customers that we have no evidence of any broader impact to our systems or information,” the spokesperson for Early Settler said, as reported by Cyber Daily.

The company said it will notify its customers. Authorities, including the Office of the Australian Information Commissioner (OAIC), the Australian Cyber Security Centre (ACSC), the New Zealand Office of the Privacy Commissioner (OPC), and CERT NZ, have been informed.

“We take cybersecurity seriously and are committed to keeping all our stakeholders updated as we work to respond to this incident,” the company said. “We would like to assure our customers that we are taking all appropriate steps to remediate this situation as swiftly as possible and have also implemented sophisticated monitoring systems to ensure we are aware of any further developments.”

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!