Australian energy company AGL has reported a cyber incident on its My Account platform, where cyber attackers possibly stole credentials acquired externally to log into AGL customer accounts.
On December 1, AGL announced that it found suspicious activity on the platform and reached out to potentially affected customers to alert them to unusual activity on their accounts.
“AGL takes customer privacy and protecting customer data very seriously,” AGL said in a statement. “All AGL customers with an email address on their account are being notified of the activity and provided with advice on the importance of using strong passwords, not reusing passwords, and the availability of two-factor authentication.”
As a precautionary measure, AGL locked the potentially affected accounts while investigating the incident. Once unlocked, customers are required to reset their password to log into their accounts. It also informed the federal government and relevant regulatory bodies, the Office of the Australian Information Commissioner, and the Australian Cyber Security Centre.
A cybersecurity solution provider's recent report found Australia among the top 10 countries most affected by ransomware attacks in October 2022, while a report by security giant Sophos warned organisations that ransomware attacks will become more devastating in 2023.
In response to the recent cyberattacks across Australia, the Australian Prudential Regulation Authority (APRA) intensified the supervision of its regulated entities, including Medibank.