Vocus, the parent company of Australian telecommunications providers Dodo and iPrimus, has confirmed a significant cyberattack affecting approximately 1,600 customers. The breach, which began on the evening of July 7, 2023, resulted in unauthorized access to email accounts and subsequent SIM swaps for some mobile users.
The incident was initially detected when Vocus noticed “suspicious activity” within its email system. In response, the company promptly disabled its email services to mitigate further damage. A Vocus spokesperson stated, “Our initial investigation has revealed unauthorized access to approximately 1,600 email accounts, leading to unauthorized SIM swaps on 34 Dodo Mobile accounts.”
Response and Customer Support
In the wake of the breach, Vocus has been actively working with affected customers to reverse the unauthorized SIM swaps. The company’s email services remained suspended as technicians focused on resolving the issue, with access restored by 7 AM on Sunday, July 9. Customers were required to contact their service provider to reset their passwords for security purposes.
Vocus has advised its customers to stay informed through the company’s social media channels and website. Additional support is being provided through identity and cyber support service IDCare, which aims to assist those impacted by the hack. “We apologize for the inconvenience caused by the temporary suspension of email services while we prioritized security,” the spokesperson added.
Context of Recent Cyberattacks in Australia
This incident marks the latest in a series of cyberattacks targeting major Australian companies. In July 2023, Qantas faced a significant data breach linked to a third-party platform provider, Salesforce. This attack resulted in the theft of sensitive customer data from 39 major companies, including Qantas, Disney, Toyota, and FedEx. The hacking group responsible, known as Scattered LAPSUS$ Hunters, threatened to release the stolen data unless a ransom was paid, which Salesforce declined.
The data compromised in the Qantas incident included personal information such as full names, email addresses, and frequent flyer details, although no financial information or passwords were affected. The rise in such cyber incidents highlights the growing risks faced by organizations in safeguarding customer data.
Vocus continues to monitor the situation closely, ensuring that all necessary steps are taken to protect its customers and prevent future breaches.
