Security firm G4S Australia has confirmed that employee data taken in a ransomware attack earlier this year has been leaked.
The company confirmed the data leak to iTnews, but declined to discuss the extent of the breach.
“As previously notified, G4S Australia was the subject of a cyber incident on July 5 2022,” a G4S spokesperson said.
“The confidentiality, privacy and wellbeing of staff and those with whom we work is of critical importance, and we take this matter very seriously.
“The breach was identified and relevant authorities were promptly informed.
“G4S Australia has been closely monitoring the situation since the event and can confirm that some data was disclosed by an unauthorised third party.”
The company said it is providing advice and support to affected staff members, and will reimburse the cost of replacing driver’s licences and passports.
The leak was revealed by The Guardian yesterday.
According to that report, the breach began with a July ransomware attack on Port Phillip prison, which is managed by G4S Correctional Services (Australia).
This gave the attackers access to detailed HR records, reportedly including “names, addresses, dates of birth, contact details, police and medical checks, tax file numbers, bank account details, superannuation information, Medicare numbers and licence details.”
Some employees’ payslips, health information, and Workcover records were also compromised.