Cyber attack

Costa has experienced a malicious and sophisticated IT phishing attack.

The attack occurred on 21st August 2022 and an intensive recovery and detailed review in conjunction with external IT security consultants of the incident commenced from this date.

As a result of this we have now established that access to data was confined to a single server at the Costa Corindi (NSW) site, which holds data for the berry category, and that only approximately 10% of the data on the Corindi file server was accessed.

These protective actions slowed operations, requiring the use of manual workarounds at certain sites and delayed some deliveries.  The impacts have largely subsided as we have restored the majority of our network and systems and there was no loss of data, and no material impact to operations, or earnings.

Although only approximately 10% of the data on the file server was accessed, it is not clear what specific data was accessed due to the hacker encrypting their downloads.

Much of the information that was stored on the server is not personal information, however there is a risk that personal sensitive information of workers on Costa’s Australian berry farms may have been accessed.  To date, there is no evidence that any personal information has been leaked or uploaded to any sites.

This includes employees directly hired by Costa’s berry category since 2013 or provided by labour hire organisations since 2019.

This sensitive information may include the following:

  • Passport details
  • Birth Certificate
  • Travel documents
  • Australian Citizenship Certificate
  • Bank details
  • Superannuation details
  • Tax File Numbers

This information was collected in the first instance to satisfy certain laws relating to the employment of citizens and non-citizens and has been retained as per relevant record retention requirements.

Costa has notified the relevant authorities of this attack, including the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.

Costa has taken steps to protect against any further malicious attack, including limiting traffic to servers, increasing the level of end point protection and scheduling additional employee training relating to phishing and social engineering practices.

To minimise impact to individuals from the attack, we have been and continue to conduct continuous monitoring of the dark web to detect if any information from the server has been posted. We can confirm to date, that we have not identified the publication of any such information. We will seek to notify you promptly if our monitoring processes detect this information via a further website posting on the Costa Group website.

We recommend that you take precautionary measures to reduce the risk of your data being used unlawfully. Examples of such measures include:

  • Notifying your bank about the incident to ensure that extra checks are done by your bank.
  • Notifying your bank/financial institution of any suspect transactions.
  • Notifying your telecom provider to ensure they make you aware of any requests to redirect your phone calls/messages to reduce unauthorised attempts to bypass multi-factor authentication.
  • Obtaining periodic credit checks to monitor for suspicious activity. Further information on credit checks can be obtained at https://www.idcare.org/fact-sheets/credit-reports-australia.
  • Changing your email passwords.
  • Enable Multi Factor Authentication on any sensitive accounts you may have such as banking and financial institutions.
  • Changing any PIN/password for accounts that includes part or all of the data that may have been accessed (eg. Birth date in password, street address in password etc.).
  • Notifying the Australian Federal Police if you suspect you have been subject to identity theft.
  • Contact the Australian Taxation Office Client Identity Support Centre if you suspect the misuse of a TFN.

We understand that this may cause concern and uncertainty, which is why we have a dedicated number for any potentially impacted workers to contact who may have questions or concerns about this incident.

This number is 1300 282 470 and will operate for the next month from the date of this posting.  It is available to contact Monday to Friday, between the hours of 9am to 5pm AEDT.  Please dial the number and select option 1.

You can also email cybersecurity@costagroup.com.au with any queries.

We sincerely apologise and are committed to minimising the impacts of this event and ensuring that similar events do not occur in the future.