A cyber-attack on Australian recruitment company Finite Group is impacting both companies and government agencies across the country.
Finite was compromised by threat actors in October in an incident that is still being investigated. During the attack, some of the company’s data was exfiltrated and later published online.
Information stolen in the attack includes the personal details of employment-seeking Australians who registered with the company. News source ABC viewed stolen data that contained individuals’ resumes, salary details, and details of checks that had been carried out to verify their employment references, criminal history, and visa information.
The cyber-criminals behind the attack threatened to release the data unless they received a ransom payment.
Finite serves the recruitment needs of corporate clients and government agencies as well as those of individuals. Banks, businesses, and government agencies that have reportedly been impacted by the cyber-attack on Finite include Adairs, AMP, Westpac, Coles, ME Bank, Suez Australia, NBN Co., and the departments of defense, health, and home affairs.
Finite said that it will contact any individuals and stakeholders impacted by the incident to notify them that their data may have been compromised.
The Conti ransomware gang has claimed responsibility for the attack on Finite. In a notice posted on its website, the cyber-criminal organization bragged that it had stolen more than 300 gigabytes of data from Finite.
The stash allegedly included financial data, contracts, NDA forms, customer databases with phone numbers and addresses, contracts with employees, scans of passports, and mail correspondence.
Conti was also responsible for a recent attack on the South Australian government’s payroll provider in which the personal information of public-sector workers in South Australia was compromised.
The attack on Frontier Software exposed the names, dates of birth, tax file numbers, home addresses, bank account details, remuneration, and superannuation contributions of close to 80,000 workers.
Speaking last week, State Treasurer Rob Lucas said: “I am advised all public sector employees, except for Department of Education staff who are on a different payroll system, should assume that their personal information has been accessed during Frontier Software’s cyber-attack.”