Statement from URM

Statement from URM: Data Breach

URM has recently experienced a cyber incident where an unauthorised third party unlawfully accessed our systems.

Unfortunately, we have confirmed that some data was accessed by that unauthorised third party from our corporate network. We subsequently came to learn through our investigations that that third party likely took some information and that personal information relating to current and former employees may have been impacted.

URM takes the privacy and protection of personal information very seriously and sincerely regrets that this incident has occurred.

This notice outlines the particular types of personal information potentially involved, the steps taken to date by URM and the steps that you can take to reduce the potential impact on your personal information if you feel you may have been impacted.

Impacted Personal Information

At this stage, although we believe that the unauthorised third party likely took information from our network, to our knowledge and based on our monitoring, we do not believe that information has been published online.

Unfortunately, given the particular circumstances of this incident, we cannot know with certainty the precise information that was likely taken.

Nevertheless, based on our investigation, we have been able to identify the following types of personal information that we believe may have been extracted from our network relating to some of our current and former employees:

  • Name,
  • address,
  • BSB,
  • account number,
  • superannuation details,
  • salary information,
  • tax file numbers,
  • employment related information,
  • medical assessments, and
  • some identity documents.

The particular types of information vary for different people, and the impact to your data does not necessarily include all of these information types. Given our lack of certainty as to the impacted information, it is difficult for us to know for sure which of those information types were included in any impacted information relating to you.

If you do have particular concerns about what type of information of yours was accessed, please email us on info@urmgroup.com.au and we will endeavour to answer your queries as best we can with the limited information available to us.

What actions has URM taken?

Once aware of the incident, URM worked urgently to contain the threat and investigate what occurred. URM has also engaged external cyber security experts to assist with its response to the incident. URM is continuing to work with these experts to ensure the ongoing safety and security of its systems.

URM has reported the incident to the relevant authorities, including the Australian Cyber Security Centre (ACSC), and the Office of the Australian Information Commissioner (OAIC).

What can impacted individuals do?

Although we do not have confirmation that any employee information has been published online, URM recommends individuals take the following steps to reduce the risk of harm associated with access to their personal information:

1. Contact the ATO Client Identity Support Centre on 1800 467 033 (operating hours: Monday to Friday 8:00 am–6:00 pm) to discuss applying additional security measures and to monitor for any potential misuse of your tax file number. Additional information about this is available here: https://www.ato.gov.au/general/online-services/identity-security-and-scams/help-for-identity-theft/data-breach-guidance-for-individuals/.

2. Remain alert to increased scam activity, especially email and SMS or telephone phishing scams (i.e., fraudulent communications disguised to look like they come from an organisation you trust) and, in particular, any such scam activity purporting to come from URM.

3. Do not click on any suspicious links or provide your passwords or any personal information. Always refuse any unprompted request from an individual to access your computer, even if they say they are from a credible organisation.

4. Enable multi-factor authentication for your accounts where possible.

5. Consider changing your online account passwords. The Australian Cyber Security Centre provides guidance around good password practices: https://www.cyber.gov.au/acsc/view-all-content/advice/passwords-pins-and-passphrases;

a. Install up-to-date anti-virus software on any device you use to access your online accounts; and

b. To monitor your financial records, you can apply for an annual free credit report or credit report ban from each of the consumer credit reporting agencies below:

i. Equifax: https://www.equifax.com.au/personal/products/credit-and-identity-products;

ii. Illion: https://www.creditcheck.illion.com.au/; and

iii. Experian: http://www.experian.com.au/consumer-reports

Further information on online safety, cyber security and helpful tips to protect yourself and respond to scams, identity theft and other online risks, can be found at the following government agency websites:

https://www.oaic.gov.au/privacy/your-privacy-rights/tips-to-protect-your-privacy/

https://www.cyber.gov.au/acsc/view-all-content/threats

https://www.scamwatch.gov.au/

Conclusion

URM regrets that this incident has occurred and may have resulted in some personal data being accessed illegally. We would like to apologise for any concern or inconvenience this may cause you.

If you would like any more information about this incident, please contact us at info@urmgroup.com.au
