A Russian Hacking Group Caused A Data Breach That Could Affect Coles, Westpac & Some Gov Depts

UPDATE: Both Westpac and the Department for Home Affairs have now given statements about the data breach.

A Westpac spokesperson told PEDESTRIAN.TV that it’s aware that Finite has been impacted by a data breach, but that it hasn’t affected any customer data.

“Westpac takes the privacy and protection of our data extremely seriously and we are investigating the matter,” the spokesperson said.

A spokesperson for the Department of Home Affairs said that it doesn’t share “any sensitive classified data with recruitment providers”.

It also confirmed that it hasn’t been impacted by the data breach.

ORIGINAL: A group of Russian hackers has potentially revealed the personal details of staff and job applicants at numerous Aussie organisations, including multiple government departments.

According to the ABC, the data breach is part of an attempt to extort a recruitment company called Finite, which works with major companies like Coles, NBN Co, Suez Australia, AMP, Adairs and Westpac. It also works with three government departments: Health, Home Affairs and Defence.

In a statement given to the ABC, Finite described the hack as a “one-off cyber incident that occurred back in October”.

It’s circulating now because some of the data has been released. Finite said “we are aware that a small subset of Finite Group’s data has been downloaded and published on the dark web”.

PEDESTRIAN.TV has reached out to Finite Recruitment, Coles, Westpac and the Departments of Defence, Home Affairs and Health for comment, but didn’t receive a response by the time of publication.

In a statement to the ABC, Coles said that “we have engaged directly with Finite to understand what steps they are taking to investigate the incident and to secure their systems, and to assess any impact to Coles contractors or team members”.

The ABC reported that some of Finite’s clients said they had been contacted by the company about the data breach but others said they hadn’t.

The hackers themselves are part of a group called Conti. According to the Aussie government’s Cyber Security Centre, Conti has been responsible for a number of hacks since 2020.

It says that Conti is a “ransomware variant first observed in early 2020, used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia”.

“Conti is offered as a Ransomware-as-a-Service (RaaS), enabling affiliates to utilise it as desired, provided that a percentage of the ransom payment is shared with the Conti operators as commission,” the Cyber Security Centre elaborated.

To put that in simpler terms, the group hacks a company or organisation and holds it to ransom, which is all very Tom Cruise in Mission Impossible.

The ABC reports that on the group’s website, they’ve posted a ransom for Finite with threats to release over 300 gigabytes of data.

That’ll include people’s financial details, addresses, passports, phone numbers, contracts and companies’ customer databases – so a lot of shit.

The ABC also says that it has been able to access some of this leaked info on a standard web browser. At the moment, the data of some people who’ve applied to jobs through Finite is available, including their resumes, salary info and visa, criminal history and reference checks.

At the moment, it’s not clear what ransom Conti is asking from Finite.