G4S Australia was the subject of a cyber incident which occurred on 5 July 2022.  
 
We have been monitoring the situation daily and on 16 September 2022 we became aware that the unauthorised third party had disclosed some information online. The data was not easily accessible and it took time for us to investigate it and understand what information it contained. 

 

What information was affected by the incident?

Despite our extensive investigations we are unable to confirm the full extent of the data that was impacted by this incident.  However, if you have provided your personal information to G4S Australia, whether directly or indirectly, that personal information may have been published online or otherwise affected by the cyber incident.

G4S Australia has taken action to prevent the unauthorised third party from further accessing its systems and its data, including working closely with the Australian Cyber Security Centre’s incident response team and the relevant authorities (including law enforcement) in relation to the incident. 

 

Why has this notice been published? 

This notice has been published as you may wish to consider taking remedial steps to protect yourself if you have shared personal information with G4S Australia, and for the purpose of the Privacy Act 1988 (Cth).  

 

What can I do in response to the incident?

If ou believe you have been affected and we have not contacted you directly there are support services and actions you may wish to consider, if applicable, in order to protect yourself.  Whether or not these are appropriate for you will depend upon the type of personal information you may have shared with G4S Australia. 

 

Be alert

Look out for any suspicious or unexpected activity across your online accounts, including your bank accounts. Make sure to report any fraudulent activity immediately to the related provider.

Look out for contact from scammers who may have your personal information. This may include suspicious emails, texts, phone calls or messages on social media.

Never click on any links that look suspicious and never provide your passwords, or any personal or financial information. If people call you posing as a credible organisation and request access to your computer, always say no.

 

General advice

• Advise your financial institution and review your security arrangements
• Update your online banking, email, and other passwords – use unique passwords for each account
• Set up Multi Factor Authentication (MFA) where possible and don’t use SMS, use something like an authenticator app
• Monitor your phone closely – if it suddenly stops working it may have been ported
• Do not open any suspicious texts, pop-up windows or emails, and do not click on suspicious links or open unusual attachments which you may receive
• If you have recently taken steps to protect yourself, or your documents have expired, since 04 July 2022, such as updating your passwords or personal documents, you will not need to do so again.  

 

Help and advice

You may visit IDCARE’s Learning Centre for further information and resources on protecting your personal information, via www.idcare.org/learning-centre or by calling 1800 595 160.     

If you have any questions about what we have set out in this notice, please feel free to contact: g4sincidents.support@g4s.com.au.

You may contact the Australian Information Commissioner via phone on 1300 363 992 or www.oaic.gov.au with any questions or concerns.