Customer details exposed in EnergyAustralia cyberattack

Shadowy figure sits in front of computer monitors (energyaustralia)
Image: Shutterstock

Electricity and gas retailer EnergyAustralia has disclosed a breach of its MyAccount platform, a cyberattack that affected 323 small business and residential customers.

It’s the latest in a spate of major Australian companies having their systems breached by cyberattacks, following Optus, Medibank and AHM.

Related article: Russian Conti hackers claim CS Energy cyberattack

EnergyAustralia has commenced implementing 12-character passwords on its My Account online customer platform following the cyberattack that resulted in unauthorised access to 323 customer accounts, including names, addresses, email addresses, electricity and gas bills, phone numbers and the first six and last three digits of credit cards.

“There is no evidence that customer information was transferred outside of EnergyAustralia’s systems, and importantly, identification documentation, such as driver’s licences or passports, and banking information, are not stored on My Account. This information remains secure. No other EnergyAustralia systems were affected,” the company said in a statement.

EnergyAustralia Chief Customer Officer Mark Brownfield said, “We apologise for the concern that this issue may have caused our customers.

“While this incident was limited in terms of customers affected, we take the security of customer information seriously and have been working hard to put in place additional layers of security to ensure the protection of all customer information.

Related article: Connecting EVs to grid could present cyberattack risk

“This now includes the implementation of 12-character passwords. We recognise the transition to more secure passwords won’t be easy for all our customers, however, this incident and other recent cyber incidents have highlighted this is where we need to go with password complexity.”

EnergyAustralia said relevant regulatory authorities and government agencies had been briefed on the MyAccount issue.

Previous articlePlanning for renewables—falling between the talkfest chairs
Next articleAustralia signs pledge to cut methane emissions by 30%