Origin Energy confirms data breach
Make us a preferred source
Make us a preferred source on Google
The News: Origin Energy has confirmed that encrypted data of 700 of its customers was stolen in July after an employee who was terminated emailed himself an encrypted file containing the information.
The Context: The breach, which the Information Age first reported, contained customers' debit and credit card details and prompted Origin to compel the former employee to delete the file and sign a statutory declaration to that effect.
Origin alerted the Office of the Australian Information Commissioner (OAIC) and said it was in the process of reporting to the Australian Signals Directorate (ASD) and the Federal Police.
Origin has contacted all of the customers to apologise for the breach, offered them credit monitoring services at no charge and is conducting an investigation into how it occurred.
The data was encrypted and while Origin found no evidence that the information was accessed since being emailed, the company could not guarantee that it would not be used in future.
What they said: “We have discovered that a former employee acted in serious breach of our policies, procedures and the standards we require from our employees when handling customer data,” said an Origin spokesperson.
“We are conducting our own investigation into the matter to see if there are any changes we can implement to ensure this isolated incident does not happen again.”
The sources: The Information Age, Origin emailed statement
