Month: October 2022

Cathy Chambers’ love of learning and willingness to take on new opportunities have helped drive her career success.

Cathy is the first female general manager to be appointed within the Costa operations.  The Costa China farms grow blueberries, raspberries and blackberries in the Yunnan Province in southern China, and employ more than 200 permanent local staff, five expatriates, and more than 3600 casual and seasonal workers.

Cathy, who took on the role in June this year, said her key focus was continuing to drive the success and growth of the China business.

“I’m obviously very excited to be involved in a rapidly growing business.  In just seven years, we have grown from one farm of 25Ha to seven farms spread across three different regions with around 400 planted Ha.  And we intend to keep expanding at a similar pace.  It takes an amazing and resilient team to sustain this kind of growth: developing a new farm each year, while successfully managing ever-larger operations, and for the last three years, all during a global pandemic.  It’s a privilege to work with them,” Cathy said.

“Another key goal is to deepen the connections between our China business and the Australian operations.  This has been tough for the last three years because of COVID travel restrictions and quarantine requirements.  But once that changes, I look forward to regular visits, so we can exchange knowledge, experience and ideas much more effectively. I will also ensure that we continue to promote our integration with the local communities here in China.”

Cathy brings to the role a wealth of experience in a range of fields.  She started her career as an electronics technician, working for the Department of Defense at the Garden Island Dockyard in Sydney. From there, Cathy moved into technical writing, project management, training design, computer based training development, a brief period in recruitment and technology product advertising, and later into roles including Operations Manager and Marketing Manager with Scientific Management Associates, a private company involved in integrated logistics support.

In 2006, Cathy and her husband decided to give up the city life in Sydney, moving to a rural property at Halfway Creek (situated between Grafton and Coffs Harbour).

“We basically decided to retire early and enjoy our tree change.  We didn’t plan to look for work but would take opportunities if they came along.  After a period of time, a neighbour who was working at the Costa Berry farm at Corindi told me there was some work going and I started there working in recruitment and helping with inductions,” Cathy said.

That role led to various other work with Costa, starting with the Variety Improvement Program (VIP), which develops new blueberry varieties and licenses them around the globe.

Cathy continued to take on new opportunities and challenges, developing a deep knowledge of the Costa business and earning her stripes working up the ladder from administrative roles, to project leadership and management roles.

In 2016, Cathy took on the role of IP, Licensing and Administration Manager for Berries International, which includes the berry farms in China and Morocco. Again demonstrating the breadth of her ability, Cathy’s role was expanded to incorporate international human resources and safety functions in 2019.

In June of 2022, Cathy was appointed General Manager of the Costa China operations.

“I’ve had a long association with the China team, with regular short-term visits plus a period of around five months as acting General Manager,” she said.

“It’s a challenge for anyone to relocate to a new country and adapt to a new culture, but my earlier experiences helped me prepare for the leap.”

Making the move in the middle of the COVID pandemic posed additional challenges, with a total of six weeks full and partial quarantine before she was able to settle into to her new home.

And with China taking a zero-tolerance approach to COVID, there are still a number of challenges including health and travel code requirements, numerous checkpoints to navigate, and regular PCR testing before travel within the country.

Despite the hurdles, Cathy is extremely positive about both her role and the China business.

“I have always had a place in my heart for the China operations. It’s a great team and a great business, and there are huge opportunities here given the demand for fresh, healthy berries”.

“I have always felt very welcome here. I have found all the people I interact with are very kind and open, and it’s an enjoyable culture to work in.”

Cathy said she was grateful to be given new opportunities and that her skills have been recognised.

“The opportunities are there if you are willing to take a chance. My whole career has been driven by a love of learning and an insatiable curiosity. I have had plenty of opportunities, and I have been blessed to have the ability and willingness to pursue them. You need to believe in yourself and have the confidence to try new things.”

She said her mother, only the second woman to be accepted into a degree at Cambridge University in England, who then went on to get her Master’s degree in science and work in metallurgy research, was also an incredible role model.

As Costa’s first female general manager, Cathy is hopeful she too can provide inspiration, but not just for women in agriculture.

“Diversity isn’t only about objective, measurable things like gender, ethnicity , age etc.. It’s also about backgrounds, experiences, communication styles, intellectual diversity and so on.  People are the most important part of our business and wide diversity brings real riches to any organisation.”

Costa has been subjected to a malicious and sophisticated IT phishing attack.

The attack occurred on 21^st August 2022 and an intensive recovery and detailed review in conjunction with external IT security consultants of the incident commenced from this date.

As a result of this we have now established that access to data was confined to a single server at the Costa Corindi (NSW) site, which holds data for the berry category, and that only approximately 10% of the data on the Corindi file server was accessed.

These protective actions slowed operations, requiring the use of manual workarounds at certain sites and delayed some deliveries.  The impacts have largely subsided as we have restored the majority of our network and systems and there was no loss of data, and no material impact to operations, or earnings.

Although only approximately 10% of the data on the file server was accessed it is not clear what specific data was accessed due to the hacker encrypting their downloads.

Much of the information that was stored on the server is not personal information, however there is a risk that personal sensitive information of workers on Costa’s Australian berry farms may have been accessed.  To date, there is no evidence that any personal information has been leaked or uploaded to any sites.

This includes employees directly hired by Costa’s berry category since 2013 or provided by labour hire organisations since 2019.

This sensitive information may include the following:

• Passport details
• Birth Certificate
• Travel documents
• Australian Citizenship Certificate
• Bank details
• Superannuation details
• Tax File Numbers (TFN)

This information was collected in the first instance to satisfy certain laws relating to the employment of citizens and non-citizens and has been retained as per relevant record retention requirements.

Costa has notified the relevant authorities of this attack, including the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.

Costa has taken steps to protect against any further malicious attack, including limiting traffic to servers, increasing the level of end point protection and scheduling additional employee training relating to phishing and social engineering practices.

To minimise impact to individuals from the attack, we have been and continue to conduct continuous monitoring of the dark web to detect if any information from the server has been posted.

We can confirm to date, that we have not identified the publication of any such information.

We recommend that people who may be affected take precautionary measures to reduce the risk of their data being used unlawfully.

Examples of such measures include:

• Notifying your bank about the incident to ensure that extra checks are done by your bank.
• Notifying your bank/financial institution of any suspect transactions.
• Notifying your telecom provider to ensure they make you aware of any requests to redirect your phone calls/messages to reduce unauthorised attempts to bypass multi-factor authentication.
• Obtaining periodic credit checks to monitor for suspicious activity. Further information on credit checks can be obtained at https://www.idcare.org/fact-sheets/credit-reports-australia.
• Changing your email passwords.
• Enable Multi Factor Authentication on any sensitive accounts you may have such as banking and financial institutions.
• Changing any PIN/password for accounts that includes part or all of the data that may have been accessed (eg. Birth date in password, street address in password etc.).
• Notifying the Australian Federal Police if you suspect you have been subject to identity theft.
• Contact the Australian Taxation Office Client Identity Support Centre if you suspect the misuse of a TFN.

Costa Group Interim CEO Harry Debney noted –

 “This is a malicious attack, which was sophisticated in its execution.  Our first concern is for the impact this may have on our current and former employees.  With this firmly in mind, we continue to do everything we can to minimise any adverse consequences and to strengthen our cyber security protections.  I can also confirm that no core business applications were accessed, nor was any customer or supplier data comprised by the attack.”

Costa understands that what has occurred may cause concern and uncertainty, which is why we have set up a dedicated number to contact for any potentially impacted workers who may have questions or concerns about this incident.

The number is 1300 282 470 and will operate for the next month from the date of this statement.  It is available to contact Monday to Friday, between the hours of 9am to 5pm (AEDT).  If dialling this number, please select option 1.

Queries can also be emailed to cybersecurity@costagroup.com.au

We sincerely apologise to any one affected and are committed to minimising the impacts of this event and ensuring that similar events do not occur in the future.

General enquiries about this statement contact Michael Toby: +613 8363 9071