Case Study: Cyber-attack against transport provider

26 Oct 2023

The problem

An Australian transport provider created online contact forms so customers could submit requests to its various customer service teams. These contact forms collected a range of data, including Personally Identifiable Information and Financial Information. The information entered into these contact forms was being exposed to other website users under certain circumstances.

Our solution

The Clayton Utz Cyber team provided data breach analysis to the client. We used large-scale data analysis to identify customers who may have been impacted by the issue. Using data logs sourced from various systems we narrowed down 16 million website requests and identified the less than 100 individuals who were potentially impacted. This included leveraging our intelligence platform to remove bots and other non-relevant users from the data set in order to provide the clients legal advisers with the most concise data set possible.

The client used this information to notify potentially affected customers and report the incident to the Office of Australian Information Commissioner.

Get in touch

Clayton Utz communications are intended to provide commentary and general information. They should not be relied upon as legal advice. Formal legal advice should be sought in particular transactions or on matters of interest arising from this communication. Persons listed may not be admitted in all States and Territories.