The data of Victorians residents could be exposed after a technology company that works with some state government departments was targeted in a cyber attack.PNORS Technology Group, which owns five companies, confirmed an attack had been detected on two of its companies – Datatime Services and Netway Networks – on November 3.
Datatime Services deals with digital document management, while Netway Networks specializes in managing IT services for businesses.
“The impacted PNORS Technology Group businesses deal with document and data capture, digital conversion, and managed IT support for a number of external clients, including government departments,” PNORS chief executive Paul Gallo said in a statement.
“In the early hours of Saturday morning, the criminals behind the cyber attack released to the company, in a private communication, a sample of what is believed to be stolen data.”
A spokesperson for the Victorian Department of Premier and Cabinet (DPC) said the government was aware of the incident.
“We are continuing to provide support to PNORS Technology Group to determine the extent of the information breach and to prevent further incidents,” the spokesperson said.
As soon as the cyber attack was identified, PNORS notified affected clients, contacted state and federal police, and engaged external cybersecurity experts, the tech company said.
The Office of the Australian Information Commissioner was also notified.
Gallo said the extent of the breach is still being investigated.
“We are working closely with all authorities to assess how many of our clients have been impacted and the nature of the data that has been stolen,” he said.
“Advice from our independent security experts has confirmed nothing has been released in the public domain at this point in time.
“When we were informed about the cyber attack we immediately shut down and isolated all our internal systems and took further measures to secure our network and data, along with pausing all data processing.”
The DPC spokesperson said the Victorian Government’s Cyber Incident Response Service has been notified.
“Protecting Victorian data and systems is our highest priority,” the spokesperson said.
“If it is determined that Victorian Government data has been exposed as a result of this breach, departments will notify impacted individuals and provide advice on steps they can take to minimize any risk.”
The potential exposure is the latest in a string of cyber attacks on Australian companies.
Optus, Medibank, Australian Clinical Labs, EnergyAustralia, Telstra, and MyDeal have all suffered recent breaches.
While it’s obvious there has been a sudden increase in the scale and number of attacks, figuring out why was a guessing game, Chief Scientist for UNSW Institute for Cybersecurity (IFCYBER) Professor Sanjay Jha told 7NEWS.com.au last month.
Jha said there could be insinuations there were foreign actors active, but there had been no evidence to suggest that.
Instead, he said, it was possible the “bad guys” saw Australia as a “soft target” following the major cyber attack on Optus, when the personal information of about 10 million customers was compromised.
“(Hackers) may have started to explore other companies or it is possible that they stole credentials and now they probably have (an) easier job in attacking some of the not-so-secure services at different places,” Jha said.