Members correspondence relating to a data breach

Email 1:

Notice of unauthorised email sent from GS1 Australia mail account

We hereby advise that earlier today you may have received an email from Ann Tindale at GS1 Australia with the subject headings ‘GS! Australia – 04.06.2018’ and ‘GS1 Australia – 04.06.2018’ and including a PDF attachment named ‘GS1_Australia_Business_Proposal.PDF’.

These emails are malicious/unauthorised and not instigated by Ann Tindale or GS1 Australia.

We have carried out a detailed situation analysis and believe that the PDF, when opened, provides a link that will take users to a malicious site prompting them to enter their online mail credentials (e.g. Outlook, O365, AOL, Others etc).

GS1 Australia is treating this issue with utmost attention. We are contacting each affected recipient directly and recommend the following course of action:

  • If you, or users accessing your email account, have accessed the email but not yet actioned it:
  • If you, or users accessing your email account, have actioned the email i.e. opened the attached file and entered credentials:
  • If you have an IT department or service provider, we recommend you advise them of the situation
  • Please feel free to contact GS1 Australia if you require more information at solutions.support@gs1au.org

Regards,

Email 2:

Notice of unauthorised email sent from GS1 Australia mail account

We are writing to update you about the data breach issue we notified you of earlier this month.

Our investigation has identified that on 29th March 2018 at 2:50pm, an unknown perpetrator masquerading as a GS1 Australia member used a phishing process to gain the login account details of a GS1 Australia staff member.

On Friday 6th April 2018, an unknown party, masquerading as a GS1 Australia employee, sent unauthorised malicious emails to approximately 500 separate organisations/recipients. The email addresses used were acquired through the data breach that occurred on the 29th March. It is important to highlight that these email addresses were only sourced from the breached GS1 Australia user’s mail account and not any internal GS1 records management systems.

By 2:00pm on Friday 6th April, diligent receivers of these new phishing emails began to report suspect activity to GS1. Once GS1 Australia became aware of the problem, we immediately took steps to determine the nature and scope of the issue. As required in our data breach policy, an incident team was instantly formed to ensure we contained the issue, established the root cause, took remediation where necessary, and communicated with all affected parties. This team conducted regular review meetings after the breach event until the close process.

At 3:41pm on the day the breach was discovered, GS1 Australia staff were advised to be aware of the breach and provided information on how to appropriately handle this issue with any affected parties making inbound queries.

At 6:07pm on the day the breach was discovered all identified impacted parties were notified by email of the data breach and advised what remedial action should be taken. The GS1 Australia support desk contact information was provided for additional support.

Further investigation was conducted over three weeks following the breach to identify what data and systems were accessed, ensure that all affected parties were notified, and appropriate changes to procedures and staff awareness were put in place. Through review, further remediation actions have been identified to further enhance GS1 Australia’s ability to avoid and manage any future incidents.

We are taking steps to protect our community, including the following:

  • We have notified all affected users to provide information on how they can protect their data.
  • We recommend to our entire community that all users should change their passwords (to one of adequate “strength”) and urge users to do so immediately, and institute a regime of regularly changing passwords.
  • We continue to monitor for suspicious activity and to coordinate with authorities.
  • We are working with leading data security firms to review our complete technology environment and staff procedures to ensure that we have sufficient protection for the type of data that we manage both internally and on behalf of our customers.
  • We continue to make enhancements to our systems to detect and prevent unauthorised access to user information.

We take our obligation to safeguard your personal data very seriously and are providing you with this update about this issue, so you too can take steps to help protect your information. We recommend you:

  • Change your passwords to all your accounts (not just your GS1 accounts) to one of adequate “strength”. We urge all users to do this immediately and to institute a regime of regularly changing passwords.
  • Review your accounts for suspicious activity.
  • Be cautious of any unsolicited communications even if they come from an address that, on the surface, appears to be genuine.
  • Be especially suspicious of any communication that asks for your personal data or refers you to a web page asking for personal data.
  • Avoid clicking on links or downloading attachments from suspicious emails.

For more information, read more

We understand that you value your privacy and we take the protection of your information seriously.

Yours sincerely,

Steven Pereira

CIO