Published: 21 July 2024
Important Security Update - Former employees and contractors - 21 July 2024
We regret to inform you that we have become aware of a security incident affecting Active Hearing Pty Ltd, Hearclear Audiology Pty Ltd, Hutchinson Audiology Clinics Pty Ltd and Widex Australia Pty Ltd.
On 5 July 2024, we became aware of a ransomware attack which encrypted data on several systems and impacted a number of our applications. The threat actor also claimed to have stolen data from our network, although so far this has not been verified. As at the date of this notice, however, we do know there was unauthorised access by the threat actor. As soon as we became aware of the incident, we took immediate steps to contain the incident and secure our systems, and our response team is working hard to investigate and identify what personal information has been affected by this incident.
We have notified the incident to the Office of the Australian Information Commissioner, the New Zealand Office of the Privacy Commissioner and law enforcement in both countries and will continue to liaise with those authorities.
Our current understanding is that a range of personal information of former employees and contractors of Active Hearing Pty Ltd, Hearclear Audiology Pty Ltd, Hutchinson Audiology Clinics Pty Ltd and Widex Australia Pty Ltd may be involved including name, address information, contact information, date of birth, financial information, superannuation information, social services information, tax information, government related identifiers and various other records.
Investigations are ongoing and we are still assessing the categories of information that may be impacted. We will publish further updates on the categories of information affected and any risks we identify as we find out more.
We know this is a concerning development but rest assured your privacy and security are of utmost importance to us. We sincerely apologise for any distress this incident may have caused.
If we confirm that any former employee or contractor’s personal information has been exfiltrated by the threat actor, we will write to those individuals to confirm this and recommend steps those individuals can take to protect themselves, where required by law and provided that we have a means of practicably doing so.
In the interim, we urge you to be vigilant regarding all online and phone communications and transactions. Please update your passwords and activate multi-factor authentication wherever possible, and maintain good online security practices, including avoiding opening messages or clicking on links from unknown senders.
To support former employees and contractors during this time, we have also partnered with IDCare, Australasia’s national identity and cyber support community service. Their expert Case Managers can assist with any concerns related to personal information risks. These services are provided at no cost to you. You can complete an online Get Help form at www.idcare.org or call 1800 595 160 (AU). A unique referral code will be provided to you if you are impacted by this incident. Along with IDCare, the Privacy Commissioners’ offices have good resources regarding what you can do to protect yourself and also receive complaints (for Australia, see https://www.oaic.gov.au/.
Please continue to stay alert and report any suspicious activity. If you believe that you may be impacted by the incident, please monitor our website for further updates. Alternatively, you may contact us in relation to the incident by emailing support@bloomhearing.com.au.