We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,812 News Articles

Melbourne IT launches investigation into AAPT data breach

Melbourne IT has confirmed that it is investigating the data breach which affected its customer, AAPT, earlier this week and reports that the incident was isolated with only a small number of servers affected.

Some AAPT business customer data stored on servers in Melbourne was accessed in the attack. According to AAPT CEO, David Yuile, preliminary findings suggested it was two files that were compromised and the data was historic, with limited personal customer information.

Hacktivist group, Anonymous, is believed to be behind the attack which was undertaken in reaction to the Australian Government's proposed data retention laws. According to a message posted on Twitter by AnonPR, members of the group will be releasing the 40GB of data taken from AAPT's servers on Saturday, 28 July.

Melbourne IT chief executive, Theo Hnarakis, told CIO Australia that the incident was related to a specific vulnerability which only affected a small number of servers.

"We believe this was an isolated incident however we are treating the matter extremely seriously and are undertaking multiple additional scans across our entire infrastructure base which includes a large number of servers," he said.

Hnarakis added that the scans, being undertaken to identify any other potential vulnerabilities, will take time as the scans triple-check its environment as an additional precaution.

"We are progressing this work as quickly as possible while minimising any load impact to customer websites," he said.

Since the incident was detected and investigations have been in progress, Hnarakis said that Melbourne IT has taken additional steps to further strengthen security measures.

"Our security posture will remain in a high state of readiness for the foreseeable future as the potential for further attacks on [Australian] Government and internet service provider [ISP] websites remains."

IDC Australia senior market analyst, Vern Hue, said that Australian ISPs should be stepping up security and ensuring that there is proper patching in place.

"Organisations also need to go back to basics and perform penetration testing that mimics how malicious agents would seek ways to exploit inherent vulnerabilities," he said.

Hue added that the actions of Anonymous would strengthen the Australian Government's resolve to pass data retention laws which are currently under discussion by the Parliamentary Joint Committee on Intelligence and Security (PJCIS).

"I don't think the government will back down on passing the data retention laws as they seem very determined to push this through," he said.

"Backing off now would be a symbol of victory to Anonymous and I think that's the last thing on the mind of the lawmakers."

Follow CIO Australia on Twitter: @CIO_Australia


IDG UK Sites

Samsung Galaxy Note 4 vs Samsung Galaxy S5 comparison review: Samsung's best ever smartphones...

IDG UK Sites

Nostalgia time: Top 10 best selling mobile phones in history

IDG UK Sites

How Ford designs next-generation cars at its Melbourne Design Centre

IDG UK Sites

Apple 15-inch MacBook Pro with Retina review and the mystery of the processor benchmarks