IT services firm Data#3 has disclosed a “cyber incident” that appeared to target a third-party networking service the company used, resulting in 28 of its customers being impacted.
The incident appears to have occurred back on August 4, when Data#3 notified on its website the detection of “suspicious activity on [its] network.”
The Australian Cyber Security Centre (ACSC) was called in to investigate at that point, but there had been no updates since.
However, in a financial filing on Thursday morning [pdf], Data#3 disclosed the extent of the incident in terms of the number of its customers that were impacted.
It largely did not shed further light on the nature of the incident, saying the incident is still under investigation.
The company maintained its “wider IT environment is secure” - a statement it made earlier this month - and said it is now working with a “third-party forensic investigator to develop a full analysis of the incident”.
“Pending the outcome of the investigation, Data#3 may need to take further steps in response,” it said.
Data#3 said it had made contact with the 28 customers said to be impacted.
But it said the incident did not require formal notification to the Office of the Australian Information Commissioner (OAIC).