14 DAY TRIAL // Over six hundred credit cards belonging to various Australian government agencies have been compromised during a cyber attack against a telecommunications company.
The security breach at Sydney-based Rojone Pty Ltd, a supplier of communications equipment and cabling, occurred last month and resulted in the theft of a database with over 14,000 customer records, including credit card details.
The attacker contacted one of the victims to inform them that their information was compromised, as well as ZDNet Australia, to which he revealed using simple URL manipulation in the attack.
The person claiming to be responsible said no hacking techniques or exploits were used, although it's not clear if this excludes SQL injection, an attack method which involves manipulating URLs.
ZDNet Australia reports receiving a document with the details of 629 credit cards belonging to federal agencies, including their names and those of their staff.
The hacker claimed there was a serious lack of security on Rojone's systems and that more sensitive data was stored insecurely in a secondary database.
The company is a relatively big government contractor that recently won an important bid to provide vehicle tracking software for the NSW Department of Corrective Services.
After learning about the security breach, Rojone shut down compromised severs, launched a full investigation and took measures to tighten security.
However, the hacker still had backdoors inside the network, because he managed to intercept internal company emails discussing the security changes.
Rojone's managing director Livia Grabowski, told ZDNet Australia that she suspects a competitor being behind the breach, but the investigation is ongoing.
The Australian Federal Police is aware of the situation, but declined to confirm or deny any involvement or whether an official investigation is underway.