Billionaire Harry Triguboff's hotel and property empire Meriton is the latest major corporate to announce it is the victim of a cyber hack, with 1,889 people potentially affected by the breach that is estimated by a forensic team to have extracted 35.6GB worth of data.
This is a miniscule number compared to the almost 8 million driver's license numbers that were stolen in the cyber attack on Latitude Group (ASX: LFS), and Meriton has clarified very little of the data was PID (personal identifiable data) related or sensitive information.
"Meriton has personally notified all individuals potentially affected by the incident, who have received tailored advice in respect to recommended steps that should be taken," the company said in a statement.
"There is no evidence that this cyber incident was directed towards any specific individual, and Meriton’s investigation has revealed no evidence that affected individuals have had their information misused.
"Meriton’s hotel guest database for all past, present and future hotel guests was not compromised. Guest data was not stolen. The guest information that may have been have been affected relates to incident reports."
Affected individuals include guests, as well as past and present employees, all of whom the hotel chain claims have been notified by letter.
The hotel clarified that guest information that may have been affected relates to incident reports within the hotel, so any injuries sustained in those incidents could potentially reveal information about individuals' health.
The incident itself was identified on 14 January, prompting Meriton to work closely alongside leading cyber-security and forensic IT professionals, and taking all available steps to protect against future risk to data and prevent recurrence.
"This has included implementing enhanced cyber security measures to protect Meriton’s network as well as extensive network monitoring so that Meriton can quickly identify and respond to any future issues," Meriton said.
"Meriton takes information security and privacy very seriously and has allocated significant resources to manage its response. Meriton has notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner (OAIC) of the incident, and will continue to liaise with relevant government agencies as required."
The OAIC closed its file on the case on 20 March.
Help us deliver quality journalism to you.
As a free and independent news site providing daily updates
during a period of unprecedented challenges for businesses everywhere
we call on your support