Melbourne IT has confirmed that it is investigating the data breach which affected its customer, AAPT, earlier this week and reports that the incident was isolated with only a small number of servers affected. Some AAPT business customer data stored on servers in Melbourne was accessed in the attack. According to AAPT CEO, David Yuile, preliminary findings suggested it was two files that were compromised and the data was historic, with limited personal customer information. Hacktivist group, Anonymous, is believed to be behind the attack which was undertaken in reaction to the Australian Government’s proposed data retention laws. According to a message posted on Twitter by AnonPR, members of the group will be releasing the 40GB of data taken from AAPT’s servers on Saturday, 28 July. Melbourne IT chief executive, Theo Hnarakis, told CIO Australia that the incident was related to a specific vulnerability which only affected a small number of servers. “We believe this was an isolated incident however we are treating the matter extremely seriously and are undertaking multiple additional scans across our entire infrastructure base which includes a large number of servers,” he said. Hnarakis added that the scans, being undertaken to identify any other potential vulnerabilities, will take time as the scans triple-check its environment as an additional precaution. “We are progressing this work as quickly as possible while minimising any load impact to customer websites,” he said. Since the incident was detected and investigations have been in progress, Hnarakis said that Melbourne IT has taken additional steps to further strengthen security measures. “Our security posture will remain in a high state of readiness for the foreseeable future as the potential for further attacks on [Australian] Government and internet service provider [ISP] websites remains.” IDC Australia senior market analyst, Vern Hue, said that Australian ISPs should be stepping up security and ensuring that there is proper patching in place. “Organisations also need to go back to basics and perform penetration testing that mimics how malicious agents would seek ways to exploit inherent vulnerabilities,” he said. Hue added that the actions of Anonymous would strengthen the Australian Government’s resolve to pass data retention laws which are currently under discussion by the Parliamentary Joint Committee on Intelligence and Security (PJCIS). “I don’t think the government will back down on passing the data retention laws as they seem very determined to push this through,” he said. “Backing off now would be a symbol of victory to Anonymous and I think that’s the last thing on the mind of the lawmakers.” Follow CIO Australia on Twitter: @CIO_Australia Related content feature 4 remedies to avoid cloud app migration headaches The compelling benefits of using proprietary cloud-native services come at a price: vendor lock-in. Here are ways CIOs can effectively plan without getting stuck. By Robert Mitchell Nov 29, 2023 9 mins CIO Managed Service Providers Managed IT Services case study Steps Gerresheimer takes to transform its IT CIO Zafer Nalbant explains what the medical packaging manufacturer does to modernize its IT through AI, automation, and hybrid cloud. By Jens Dose Nov 29, 2023 6 mins CIO SAP ServiceNow feature Per Scholas redefines IT hiring by diversifying the IT talent pipeline What started as a technology reclamation nonprofit has since transformed into a robust, tuition-free training program that seeks to redefine how companies fill tech skills gaps with rising talent. By Sarah K. White Nov 29, 2023 11 mins Diversity and Inclusion Hiring news Saudi Arabia will host the World Expo 2030 in Riyadh By Andrea Benito Nov 28, 2023 4 mins Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe