TrustedCloud Cyber Security Incident

Atlantic Group (v) Pty Ltd ABN 77 109 807 383 (Atlantic Group) has been advised by TPG Telecom Ltd that its cloud data hosting service provider, TrustedCloud, was impacted by a cyber incident.

Unfortunately, Atlantic Group was among those clients whose stored data was impacted by this incident. In many cases this includes an employee's name, TFN, date of birth and address. For some employees, it may also include other types of personal information.

With the assistance of a forensic cyber security provider and TrustedCloud, Atlantic Group has undertaken a comprehensive forensic review to fully ascertain the extent of the issue and the information that has been accessed.

Personal information about current and past employees of Atlantic Group was accessed as part of the incident. At this stage, we have no evidence that the information has been further disclosed, or that it has or will be misused.

Using the contact information that we had on file about our past and current employees, we have tried to contact each affected individual directly, and notified each individual about their personal information that was accessed. In some cases, we do not have current contact information of affected individuals. If you have not received a direct communication from Atlantic Group, but would like to know if your personal information was accessed, please contact us using the details set out on this webpage.

Following the incident, Atlantic Group has moved its data to a new data hosting service provider.

What should you do now?

Atlantic Group is committed to assisting you to respond to this breach and to minimising the impact to the best of its ability.

We have notified the Office of the Australian Information Commissioner and the Australian Taxation Office (ATO). If your TFN was accessed, the ATO will monitor your profile for future misuse and put any necessary protective measures in place.

There are several steps you can take to mitigate the potential risk associated with this data breach. Those are detailed below.

We take the privacy and protection of employee information very seriously and we sincerely regret this has happened.

We are available to discuss this incident with you at any time. You can contact us by email at [email protected] or phone on 03 8623 9600.

We have included a detailed FAQ below to provide you with more information

What happened?

Atlantic Group has been advised that it was recently affected by a cyber incident that was targeted at its hosting service provider, TrustedCloud Pty Ltd (TrustedCloud).  

Atlantic Group has been advised that the incident was discovered and contained by TrustedCloud on 25 April 2021.  Since this time, a comprehensive forensic investigation has been undertaken to understand the incident, further enhance the security of the cloud service and identify the files impacted by the incident. 

What happened to your information?

Files belonging to Atlantic Group have been accessed and downloaded by a third party. One or more of those files contained information about you.

Atlantic Group has been advised that there is no evidence to indicate that any of the compromised files or the information contained in those files has been further disclosed or that it has or will be misused by the third party. We are working closely with TrustedCloud, whose forensic investigators are performing 24/7 monitoring, and we will be updated if this situation changes.

What information was accessed?

Due to the large number of files that were impacted by the incident, Atlantic Group's assessment of the files that were accessed and copied by the third party is ongoing. We have engaged a third party forensic vendor to assist with this process by assessing the compromised files to ensure it is completed as soon as possible.

Dec 2021 Update: We now know the information accessed and contained in the files that were part of this data breach. If you have not received a direct communication from Atlantic Group and would like to know if any of your personal information was accessed, please contact us on the details on this webpage.

What can you do?

Depending on the type of information we have told you has been accessed, you may consider taking the following steps:

1. TFNs

To prevent any future potential misuse of Tax File Numbers (TFNs), we have notified the ATO of this incident and that your TFN was impacted as part of the incident. The ATO will monitor your profile for future misuse and put any necessary protective measures in place.

More guidance on protecting information is available on the ATO's website, here: https://www.ato.gov.au/General/Online-services/Online-security/Protective-measures-for-individuals-following-a-data-breach/.

2. Contact information

For information about protecting your identity, visit https://www.oaic.gov.au/privacy/your-privacy-rights/tips-to-protect-your-privacy/.

The Australian Cyber Security Centre provides guidance around good password practice here: https://www.cyber.gov.au/acsc/view-all-content/advice/passwords-pins-and-passphrases.

The Australian Competition and Consumer Commission’s Scamwatch initiative has some useful guidance on protecting yourself from scams here: https://www.scamwatch.gov.au/get-help/protect-yourself-from-scams/.

Where a third party may have access to your contact information, it is important to:

• take note of what is called a 'Uniform Resource Locator' or 'URL' when on a webpage which is asking for your login credentials. This is located in the address bar of the web browser and typically starts with https://;
• if you are suspicious of the address, do not provide your login details and contact your service provider to ensure you are logging into the correct page;
• change your online account passwords if you have not already done so. If you emailed yourself passwords for other online accounts, change these as well. The Australian Cyber Security Centre provides guidance around good password practice here: https://www.cyber.gov.au/acsc/view-all-content/advice/passwords-pins-and-passphrases;
• enable multi-factor authentication for your online accounts where possible; and
• ensure you have up-to-date anti-virus software installed on any device you use to access online accounts.

3. Bank account details

For guidance on protecting against banking scams, visit: https://moneysmart.gov.au/banking/banking-and-credit-scams. You may also wish to:

• check your transaction statements closely;
• where available use two-step authentication, such as SMS codes to your mobile phone;
• check your credit report yearly (this alerts you to any attempts to open a credit account in your name); and
• never respond to, open or click on links in emails purporting to be from your bank (it is always safer to call).

4. Superannuation ID or member details

For guidance on protecting against superannuation scams, visit: https://moneysmart.gov.au/how-super-works/superannuation-scams. You may also wish to:

• check transaction statements closely;
• contact the superannuation company to report this incident and request to have tighter security on your account, such as adding a security question only you would know the answer to, or a new PIN;
• where available use two-step authentication, such as SMS codes to your mobile phone;
• check your credit report yearly (this alerts you to any attempts to open a credit account in your name); and
• never respond to, open or click on links in emails purporting to be from your superannuation company (it is always safer to call).

5. Passport details

Unauthorised access to an individual's passport does not affect its validity and the individual is still able to use it to travel and as a valid form of proof of identity.

Whilst passports have not been lost or stolen in connection with this incident, individuals may wish to call the Department of Foreign Affairs and Trade on 131 232 to advise that a copy has been taken in a ransomware attack. We strongly encourage you to do so even if the passport has expired. DFAT will advise if it is necessary to cancel your current passport.

Because passports provide credentials which can be used to take out a line of credit, or otherwise conduct fraudulent transactions, we recommend you review and continue to monitor your consumer credit report for any discrepancies or unusual activity. Information about obtaining a credit report is provided at item 7, below.

6. Other forms of ID

Unauthorised access to an ID does not affect its validity and the individual is still able to use it for its intended purpose, and as a valid form of proof of identity.

However, this ID information provides credentials which can be used to conduct fraudulent transactions.

Should you wish to take precautionary measures in respect of any further forms of ID, we suggest that you:

• contact the issuing authority to let them know that a copy of your ID may have been accessed by an unauthorised third party, and request that they put an alert or restriction on your file; and
• review and continue to monitor your consumer credit report for any discrepancies or unusual activity. Information about obtaining a credit report is provided at item 7, below.

7. Credit Check

As a precautionary measure and to further mitigate the risk of misuse of personal information, you may apply for an annual free credit report from one of the consumer Credit Reporting Agencies below.

You may also consider contacting the below credit reporting bodies to place a temporary ban on your credit report. This means that they will not be able to share credit reports with credit providers without your consent for 21 days (unless extended).

If you are based in Australia:

8. Online Vigilance

Be wary of phishing or other non-genuine communications, including by reviewing the sender of the email, the language used and be cautious of links and attachments – if in doubt, make enquiries with the organisation and the individual sender using other means. Scamwatch ( www.scamwatch.com.au) has help on protecting yourself from scams.

We are available to discuss this incident with you at any time. You can contact us by email at [email protected] or phone on 03 8623 9600.