Major Data Breach at Trans-Tasman Company Spotless

Major Data Breach at Trans-Tasman Company Spotless

A major data breach has exposed personal details of the staff of Spotless, a Trans-Tasman catering and cleaning company. 

In an email on Thursday, Spotless confirmed it was a ransomware attack. The company said hackers may have obtained past and present staff members’ passport and IRD numbers and other personal information. This stolen data is sufficient to present a “very high risk” of identity theft.

The company alerted its employees by email. As many of the company’s staff speak English as a second language and perhaps checks email sporadically, some portion of impacted individuals would likely miss the communication.

Netsafe chief executive Martin Cocker said the stolen data suggests the hackers had got access to the company’s HR files. If so, there was a risk of criminals applying for credit and buying services using people’s identities.

“There is a high risk to the subjects of the attack of future identity theft,” Cocker said. “If they have taken that much personal data, it is pretty high risk to the individual, so we would suggest people go through a process of trying to reduce that risk.”

Internet law expert Rick Shera said it was serious a privacy breach, “and given the type of information involved and the number of people involved it would be classed a serious breach, there wouldn’t be any doubt about that.” He said a hacker could get access to the victim’s RealMe account, the online ID used with the government services. 

Spotless said it had notified government cyber-security bodies in Australia and New Zealand, the Privacy Commissioner and the Australian Information Commissioner. 

Spotless assured it “immediately engaged cyber-security experts to conduct a forensic investigation.” The company said, besides passport details and tax numbers, stolen data could have included names, email addresses, phone numbers, and residential addresses.

Spotless admitted that passport numbers can be used to “take out lines or credit or otherwise conduct fraudulent transactions”.

The company appolgized for the incident and oadvised its staff to change passwords and use multi-factor authentication. 

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.