Thousands affected in Perth Mint data breach

A data breach at Perth Mint initially thought to have affected 13 customers turns out to have been far more extensive.

The government-owned bullion mint and precious metals trader confirmed that about 3,200 records were breached, with names, addresses, passport information and bank account details compromised. However, Perth Mint is confident that customers’ investments remain “safe and secure”.

Incident response

The true scale of the breach was discovered when Perth Mint investigated the incident. CEO Richard Hayes said: “Ongoing forensic investigations continue and we were made aware of this development over the weekend. We have moved quickly to contact the affected Depository Online customers in order to protect their interests.”

Hayes attributed the incident to a third-party vulnerability and gave assurances that the mint’s internal systems had not been compromised. Nonetheless, a breach is a breach no matter how it occurred – or, indeed, how many people are affected. Perth Mint should still be concerned that it wasn’t able to identify or mitigate the third-party weakness.

That said, the organisation responded promptly, and followed the correct protocol by investigating the incident, informing affected customers and notifying the Office of the Australian Information Commissioner, Western Australian Police and Australian Federal Police.

This shows that Perth Mint has strong incident response capabilities, which will have helped it mitigate the damage and cost of the breach.

Get #BreachReady

Your organisation can be similarly prepared for a breach by following our #BreachReady advice.

The initiative was created to help organisations understand and prepare for information security incidents. It’s no good hoping that you won’t be breached or assuming that you can improvise your response. When a breach happens, you need to act quickly and decisively – and that requires planning.

Fortunately, you can discover everything you need to know with our step-by-step guide to data breach response. We also provide advice on which tools and services you should use to meet each of those steps.
