- Hacker got in 27 May 2017
- 50-60k email from 3 Australian employees were forwarded automatically outside the company
- System door closed 1st March 2018
- Employee information included tax file number, superannuation account numbers and Next of Kin details.
- Australia firms “…must take all reasonable steps to complete the assessment within 30 calendar days…” Svitzer reported 15 March.
- In Europe under GDPR it is 72hrs to report the breach.
Now that isn’t a long time for a full assessment to be completed but I couldn’t find on the OAIC site a timeline just for a breach notification. Is there one?
I had a look on Svitzer's press releases and couldn't find one.
A **** communication strategy is essential in a crisis - controlled, accurate, informative and authentic
A fast & planned response is essential as identity theft helps financial crime and other frauds.
Contact me about cyber health check or crisis communications.