Beaver Novello Moss – FAQs

1. What happened and what did the incident involve?

Beaver Novello Moss was a victim of an email compromise, whereby an unknown cyber attacker accessed three of our email accounts. The Attacker used these email accounts to attempt to access MYOB accounts belonging to some of our clients.

We immediately undertook steps to remediate the breach and the evidence strongly suggests that these steps terminated the attacker’s access to the mailboxes and MYOB accounts.

We appointed a cybersecurity forensic expert to undertake a thorough investigation of our network, and to help us implement measures to ensure that a breach like this does not happen again.

Our forensic investigation revealed that the cyber attacker sent numerous malicious phishing emails to three of our email accounts.

There is no evidence that the attacker downloaded the mailboxes for these email accounts. However, because the attacker had access to them, in an abundance of caution we have proceeded on the assumption that the information contained has been accessed by the threat actor.

Our forensic investigation did not uncover evidence that the attacker did download an external copy of the mailboxes, however the nature of the access to the mailboxes suggests that the attacker could have done so.

Erring on the side of caution, we reviewed the mailboxes to determine the amount and type of personal information they contained. During this review, we identified emails, documents and forms that include your personal information.

Due to the nature of personal information that was unlawfully accessed by the cyber attacker in the mailboxes and our client’s MYOB account, we consider that it could potentially lead to you being a victim of fraud. Accordingly, we sent you an email / letter notifying you of the incident and the steps we recommend you take to protect yourself from fraud. The notification states the specific types of information relevant to you.

2. When and how did the incident occur?

Beaver Novello Moss became aware of the suspicious activity by the cyber attacker on 14 August 2021. We immediately engaged a third-party forensic expert to assess the incident and investigate the extent of the compromise - who have now finished their investigation.

The forensic expert determined that on 2 June this year, the cyber attacker sent numerous malicious phishing/spam emails to three of our mailboxes which pointed to credential harvesting websites. Once the attacker had unlawfully obtained these credentials, they were able to log on and deactivate multifactor authentication for the MYOB accounts.

3. How did Beaver Novello Moss become aware of the incident?

On 14 August, Beaver Novello Moss was informed by one of our clients that payroll information in its MYOB account had been manipulated by threat actors. We undertook and immediate investigation into the incident and determined that the threat actor had gained access to our system as well. At this point, we also changed all passwords for all of our accounts to ensure that the threat actor no longer had access.

4. Does the attacker still have access to my personal information?

The attacker was evicted from the mailboxes by implementing password changes, the threat actor no longer has access to these mailboxes.

In light of the attacker’s access to the mailboxes, there is no guarantee that the attacker did not download your personal information onto an external device to obtain a copy of that information.

However, we do not have evidence to suggest that this occurred. Nonetheless, if you follow our recommendations to protect your information, as detailed in the notification we sent to you, your risk of becoming a victim of financial fraud or identity fraud will be reduced.

5. Did the attacker access my credit card/bank details?

Our investigation did not reveal evidence to suggest that your financial details were accessed. However, there was small number of individuals who may have had their bank details, credit card details and/or TFNs accessed. Hence we are contacting you to provide this information and recommendations to protect your information and to avoid becoming a victim of financial fraud.

6. Have any regulators been notified of the incident?

Beaver Novello Moss has notified the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC) of the incident.

7. Is it usual for an organisation to take weeks to complete an investigation an incident like this?

We wanted to ensure that we gathered all relevant and accurate information before we relayed any advice to you. Cyber incidents of this nature are increasingly complex, and it often takes weeks or even months to identify the extent of data accessed by cyber attackers. In the interests of protecting you, we have been committed to undertaking a thorough investigation to obtain accurate findings, so that we could be entirely transparent with you. Once we concluded our investigation, we endeavoured to contact you and those who had been affected as soon as possible.

8. Do I need to do anything?

As We advised in our notification, we recommend that you:

· check your bank account statements for signs of suspicious activity and if you see anything unusual, contact your bank to discuss options as required;

· obtain a free credit report from Equifax (via the link provided in the notification) to identify whether your identity information has been misused in any way;

· implement sufficiently complex passwords on your emails and social media accounts and ensure that you change them on a regular basis;

· ensure that you have up-to-date anti-virus software installed on your systems; and

· remain extra-vigilant and monitor your systems for any suspicious activity.

If you are understandably concerned about your identity or financial information being misused, you may engage the services of IDCARE, who provide a national identity cyber security service to individuals, free of charge.