Svitzer makes first public NDB disclosure


By Dylan Bushell-Embling
Monday, 19 March, 2018


Svitzer makes first public NDB disclosure

Shipping company Svitzer has made the first public disclosure of a data leak since the introduction of Australia's Notifiable Data Breach (NDB) legislation, announcing the theft of data affecting nearly half of its Australian employees.

Up to 60,000 emails from three accounts associated with finance, payroll and operations had been compromised to be secretly auto-forwarded to two external accounts for nearly an 11-month period, the company disclosed.

The emails contained sensitive information including tax file numbers, next of kin details and superannuation account information, the ABC reported.

The breach began on 27 May last year and was only detected on 1 March this year after the forwarded emails started to bounce back.

According to the report, Svitzer is investigating the incident and has so far ruled out that it was an internal culprit.

Svitzer disclosed the breach to the OAIC in 15 days, well within the 30-day disclosure window stipulated by the NDB scheme. But the ABC noted that the UK's General Data Protection Regulation (GDPR), due to be implemented in May, gives companies just a 72-hour window to disclose data breaches to the supervising regulatory authority.

Svitzer is a subsidiary of Danish shipping conglomerate Maersk Group, which was itself one of the victims of the global NotPetya ransomware outbreak last June. The attack is estimated to have cost the company up to US$300 million ($389.5 million).

While this was the first public disclosure of a data leak since the NDB legislation was introduced on 22 February, the OAIC reportedly had 31 notifications in the first three weeks of the scheme being in operation.

Follow us and share on Twitter and Facebook

Related Articles

Nation-state actors have their sights on the cloud

Prioritising the protection of credentials and adopting robust security measures can better...

Combating financial crime with AI

Rapid digital transformation across Australia and New Zealand has provided cybercriminals with...

Learning from the LockBit takedown

An international taskforce has seized the darknet sites run by LockBit, but relying on law...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd