Symantec, the information security services industry giant, minimized a data breach incident that, according to cybersecurity specialists would have allowed a threat actor to access the company’s passwords and a list of customers, including prominent private companies and government institutions in Australia.
In this list of organizations working with
Symantec are the main departments of the Australian government, in addition,
the hacker has also claimed responsibility for the leak of information from the
Medicare medical company that ended with millions of records for sale on dark
web forums.
On the other hand, the company claims that it
is a minor incident involving an isolated testing environment in Australia that
does not have a connection to the company’s corporate network; “this lab only
works as a demo to show the security solutions we offer,” says Symantec.
The information security services firm decided
not to report the incident, as they thought that no confidential information
was compromised, as hackers failed to access Symantec’s corporate network.
The information extracted by the hacker is a
list of alleged Symantec CloudSOC service clients, administrator account access
credentials, and some account numbers. In the company’s statement, it is mentioned
that it is only fictitious information used for demonstration purposes. Alleged
organizations whose information was compromised include the Australian Federal
Police, four major banks, insurance companies, academic institutions and some
local government departments.
According to the experts in information
security services from the International Institute of Cyber Security (IICS),
the Australian Privacy Act includes a mandatory process for reporting data
breach incidents that could considerably compromise victims’ information.
“In Symantec we deal with any cybersecurity
incident with the highest priority and trying to comply with the data
protection laws of each country where we work”, said a spokesperson. “Nevertheless, according to our internal
policy, no confidential information has been compromised that could generate
further consequences; in any case, we will keep monitoring the situation”,
concluded the spokesperson.
