EnergyAustralia today announced it has commenced implementing additional password complexity for its My Account online customer platform following a recent cyber incident that resulted in unauthorised access to 323 customer accounts.
All customers logging into My Account are now required to reset their password using additional characters, including a mix of capital and lowercase letters, numbers and special characters.
The change follows a recent cyber incident involving My Account, EnergyAustralia’s customer platform. The incident resulted in the exposure of data for 323 residential and small business customers. My Account includes the customer’s name, address, email address, electricity and gas bills, phone number and the first six and last three digits of credit cards.
There is no evidence that customer information was transferred outside of EnergyAustralia’s systems, and importantly, identification documentation, such as driver’s licences or passports, and banking information, are not stored on My Account. This information remains secure. No other EnergyAustralia systems were affected.
During the incident, which occurred commencing Friday, 30 September, EnergyAustralia suspended access to My Account while investigations occurred and affected accounts were immediately locked and reviewed. All 323 affected customers were contacted by SMS, and email on Sunday, 2 October to reset their password, with follow-up by phone in the following week.
EnergyAustralia Chief Customer Officer Mark Brownfield said: “We apologise for the concern that this issue may have caused our customers.
“While this incident was limited in terms of customers affected, we take the security of customer information seriously and have been working hard to put in place additional layers of security to ensure the protection of all customer information.
“This now includes the implementation of more complex passwords. We recognise the transition to more secure passwords won’t be easy for all our customers, however, this incident and other recent cyber incidents have highlighted this is where we need to go with password complexity.”
Relevant regulatory authorities and government agencies have been briefed on the My Account issue. For more information on keeping My Account safe, customers can go to EnergyAustralia’s website and find Online Security under Frequently Asked Questions.