Notification of Data Breach
Around the 12th of June 2019, Scope (Aust) Ltd (Scope) experienced a breach after three (3) Scope staff opened a phishing email link from an unauthorised source. A detailed forensic investigation was undertaken by Scope’s IT team on the 17th of June 2019 to evaluate this breach and contain the situation.
The investigation found that the breach resulted in access to the contact lists of the 3 staff members. This included email address details of 36 other staff and other contacts of those Scope staff.
The unauthorised party also sent emails purporting to be from Scope, to individuals who have had no previous relationship with Scope (i.e. they are not staff or customers of Scope).
The threat was managed immediately by Scope’s IT Division.
What to do if you think you have accessed this phishing email
If you have accessed the phishing email and are concerned about your email details being accessed by an unauthorised party, please follow these steps to protect your email account:
- Change your password;
- Beware of potential phishing emails and telephone calls from businesses or individuals requesting your personal details;
- Avoid opening attachments from unknown senders; and
- If you are unsure if a received email is genuine, contact the sender of the email by phone or SMS to confirm its legitimacy.
- The images below show what this phishing email and the document in the link looked
Image of document accessed from the link in the phishing email
Scope’s safeguard measures
Upon being notified of this email breach, Scope’s IT Division put in place the following safeguards within a matter of hours:
- Asked the three (3) staff who accessed this link to reset their passwords;
- Blocked the link that was included in the phishing email (as set out in Image 1);
- Identified the subjects of the phishing emails and ran a script to delete the emails from Scope staff emails; and
- Sent an instruction to the entire organisation to contain this breach and ensure that staff do not open the link.
Scope’s IT Department has conducted a detailed forensic investigation into the matter.
In summary, the investigation determined that the three (3) staff opened an email link from an unauthorised source and, upon selecting the email link, were redirected to a website that required them to log on using their staff username and staff password. The unauthorised party was then able to access each staff member’s email account and consequently send emails from that staff member’s account.
The forensic investigation found:
- The first staff member received the link through their email. The staff member accessed the link and logged their information on the 12th of June.
- The first breach occurred on the 15th of June 2019, when the malicious agent used the compromised account to log in to the staff member’s email account and log out again.
- Two additional Scope staff received the link through their email. These staff accessed the link and logged their information at different times on the 17th of June.
- The second breach was detected on the 17th of June 2019. Within hours of being notified of the breach, Scope’s infrastructure management centre was able to locate the IP address and close it down. The last session was closed at 9.11am on the 18th of June 2019.
- The information accessed through this breach includes:
  - Emails of the three staff who accessed the link, including their usernames and passwords; and
  - Email addresses of the contacts associated with the three staff. The contacts associated with the three staff may be other Scope staff, Scope clients, third party contacts who may work with the staff or personal contacts.
What else is Scope doing to address this situation?
We will work with government authorities and independent security experts.
Scope takes privacy very seriously and is working to ensure that our systems and the data we hold are secure. The breach has been identified, assessed and stopped. In addition, Scope has notified:
- The Office of the Australian Information Commissioner (OAIC), and will continue to work with OAIC and other regulatory bodies as required; and
- The Australian Cyber Security Centre.

Scope has also encouraged affected Scope staff to notify their contacts about the breach with a link to information on Scope’s website.
Scope is currently in the process of implementing enhanced security measures including Multi-Factor Authentication, and a 24×7 Security Operations Centre monitoring a Security and Incident Event Management Solution.
For more information or support please contact us:
1300 472 673