Skip to main content

Security Breach of ALARA Emails

 

ALARA

 

 

Hello ALARA Member

I am contacting you in relation to a cyber incident reported to us by our email exchange provider, iiNet, which resulted in unauthorised access to our corporate email service.

I regret to inform you that certain information relating to you could have been subject to the unauthorised access. This notice contains details of the cyber incident and the information we believe to have been affected, as well as important recommendations for securing your information.

Background

On 13 December 2022, iiNet publicly announced that it had detected unauthorised access to the iiNet Hosted Exchange service, which hosts email accounts for up to 15,000 iiNet business customers, including Action Learning, Action Research Association (ALARA).

iiNet reported that it was undertaking a review to identify which customers were affected and would contact those customers as more information became available.

This week (2 February), iiNet contacted ALARA to advise that our email service was one of a number of business email services that had been impacted by the cyber incident. We are informed that an unknown threat actor specifically targeted mailbox items which appeared to relate to financial and cryptocurrency information and accounts and we understand that this information was the main focus of their attention.

What information relating to you was affected?

iiNet has analysed the mailbox items which appear to have been the subject of unauthorised access by the threat actor. Unfortunately, the items appear to include information about ALARA's bank account (information included on invoices, for example), but does not appear to include information about members or their accounts.

The breach involved just the email traffic and not ALARA's websites. As mentioned, the hackers were apparently seeking information that could gain them financial access - passwords, bank account details, etc. ALARA does not retain this type of information, but some members may have provided bank account details via email, and may have had email correspondence about passwords during the two years that the hacking was occurring. ALARA is being ultra-cautious and advising members of the breach, and recommends taking the actions outlined below.

iiNet has engaged cyber experts to conduct dark web monitoring. According to these experts, there is currently no evidence to suggest that any personal information has been made publicly available (including on the dark web) as a result of the incident. The experts will continue to perform dark web monitoring and iiNet will advise ALARA if this position changes.

ALARA appreciates that this news is very concerning and iiNet has apologised unreservedly for the incident. They have notified ALARA about it so that it can take steps to protect the affected information. They also provided some guidance and recommended security measures stated below that you may wish to take.

Response to the incident

iiNet has advised that on becoming aware of the incident, it:

  • implemented measures to stop the unauthorised access and put in place further enhanced security controls;
  • engaged external forensic assessors and other experts to help with its investigation of the incident and its assessment of which customers had been affected; and
  • notified relevant government authorities, including the Australian Federal Police, the Australian Cyber Security Centre and the Office of the Australian Information Commissioner, about the incident.

Protecting your information

An FAQ document, which includes a practical guide is available here. The document sets out some of the actions you can take to help protect the affected information, including updating your passwords to the ALARA sites and bank and credit card accounts.

The guide includes general security recommendations, and more specific recommendations covering a range of information types. Not all of this content will be relevant for you. In addition to this guide, iiNet is offering a range of support to affected individuals as set out below.

  • IDCARE

    If you have had identification documents or associated numbers impacted, you may wish to contact expert Case Managers at IDCARE, Australia’s national identity and cyber support community service.

    The contact details for IDCARE are as follows: telephone 1800 595 160 from Monday to Friday (excluding public holidays), between the hours of 8am – 6pm (AEDT). There are also local numbers provided for each Australian State on idcare.org/contact-us.

    Please quote the referral code TPG23 if you decide to reach out to IDCARE as the service will then be provided to you at no cost.
  • Equifax

    Equifax provides a credit and identity monitoring service. If you would like to take up a 12-month subscription to Equifax Protect at no cost, please contact the iiNet support number which is 1300 552 854 from Monday to Friday, between the hours of 9am to 9pm (AEDT) (excluding public holidays). You will need to provide the reference code 221664510 to the iiNet representative.

    An Equifax Protect subscription provides you with monthly credit reports and alerts if there are changes to your credit report.

If you have any questions about the cyber incident and the next steps that you should take, please contact ALARA in the first instance on admin[at]alarassociation.org.

If iiNet provides more information on this security breach, we will send you an update.

 

Colin Bradley
President