On 21 April 2023, AWH was alerted to activity on our systems which indicated a potential cyber incident. We engaged external cybersecurity experts to commence an investigation into that activity and we took immediate action to ensure the ongoing security and integrity of our systems.
We are confident that our client portal was not compromised by this incident and we have restored all services with minimal disruption.
However, our investigations have now identified that a small subset of data was likely taken from our systems by an unauthorised third party. Unfortunately, despite our concentrated efforts, we have been unable to confirm the contents of the impacted dataset.
As such, although there is nothing to suggest that employee information has actually been taken from our systems, we cannot rule out the possibility that an unauthorised third party may have accessed it.
We are not aware of any evidence of attempts at misuse of this information and our monitoring shows no indication that files relating to AWH have been published externally (including on the deep, dark, or open web).
However, we take the privacy of our clients and other stakeholders incredibly seriously and are informing you of this development and preventative measures you can take to safeguard your information.
AWH generally does not store personal information on behalf of its clients. In some instances, information provided by clients may include contact information and bank account details for the purpose of making payments, or other details relevant to the services provided by AWH.
AWH asks that its clients and other stakeholders:
- Be vigilant particularly when receiving emails that may appear suspicious or purport to relate to a change of bank account details. Always verify the legitimacy of communications by authenticating the sender and if in doubt, please telephone your known contact (on their known contact details) to verbally confirm bank account details prior to transferring funds electronically.
- Change online passwords, use strong passwords and consider enabling multi-factor authentication where possible;
- Visit cyber.gov.au for further information about online safety and cyber security.
AWH has reported the incident to the Australian Cyber Security Centre (ACSC) and relevant government authorities.
AWH remains commited to protecting your information.
If you have any questions about the incident, or would like further information, please contact us by email at [email protected]