Dialog IT has become the second of Singapore Telecommunication Ltd (Singtel)’s Australian companies to reveal a recent security incident.
Dialog IT stated that an unauthorised user “may have accessed company data, potentially affecting fewer than 20 clients and 1,000 current Dialog employees as well as former employees."
A “very small sample” of Dialog data including some employees’ personal information was published on the dark web, the company stated.
Dialog stated that it first became aware of unauthorised access to its servers on September 10, 2022 before it published a statement about the incident on October 10.
“Dialog detected unauthorised access on our servers, which were then shut down as a preventative measure. Within two business days, our servers were restored and fully operational,” its statement reads.
“We contracted a leading cyber security specialist to work with our IT team to undertake a deep forensic investigation and continuous monitoring of the Dark Web. Our ongoing investigations showed no evidence of unauthorised downloading of data.
But on October 7, Dialog “became aware that a very small sample of Dialog’s data, including some employee personal information”, was published on the Dark Web.”
Dialog stated that it has notified relevant authorities and is “supporting those who may be impacted to protect against the risk of fraudulent activity.”
There was “no evidence” the incident was linked to the recent Optus breach, Singtel stated on October 10. Dialog’s systems are "completely independent from NCS, Optus and Singtel", Singtel stated.
"Following the September 10 unauthorised access, in an abundance of caution, Dialog informed all clients and relevant government agencies," a Dialog spokesperson told CRN.
"Again, as a precaution, we are engaging all clients, relevant authorities and employees on the current situation."
Dialog IT was bought by Singtel’s B2B digital services subsidiary NCS Group in March this year for $325 million. It has a presence in Brisbane, Sydney, Melbourne, Canberra, Perth, Darwin and Adelaide. The NSW Electoral Commission, Queensland Health, Virgin Australia, NAB, and Rio Tinto are among its clients.
In a separate incident, Optus data belonging to 29,000 customers and 23 businesses was published on a dark web forum on October 7. The data came from the 2020 zero-day exploit of Accellion’s File Transfer Appliance, which resulted in information being stolen from several large organisations, including Transport for New South Wales.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
