Security Update
Important information about a cyber incident at Meli
As at Thursday 26 August 2024
To our valued clients,
We are currently investigating a cyber incident that has impacted our organisation.
As soon as we detected the incident, we took steps to secure our system. We also partnered with leading forensic specialists and cybersecurity advisors to investigate what has happened. Our investigation is ongoing.
What has happened?
Our investigation has unfortunately identified evidence that a subset of data has been taken from this system. We are aware of a claim that this information has now been published externally by an unauthorised third party. We are urgently investigating the nature and extent of the published dataset.
We have informed the Australian Cyber Security Centre (ACSC), Victorian Police, the Office of the Australian Information Commissioner, Office of the Victorian Information Commissioner and relevant departments in the Victorian and Commonwealth Governments about the incident. We will continue to cooperate with law enforcement and the relevant government agencies as required.
Servicing our clients is our utmost priority. By way of transparency, many aspects of our work will revert to manual or paper-based processes in the short-term. That said, at this stage, our services to clients will continue as normal. We will let you know if this situation changes, and we thank you in advance for your patience and understanding.
We appreciate that you would like to know more but this incident is complex and requires specialist review and investigation. It’s important that we take the time to investigate what has happened.
Our investigation is ongoing, and we are committed to keeping you informed as soon as we have relevant information to share.
Looking after your personal cyber security
While our investigation continues, we recommend you take the following precautionary steps to protect your personal information:
- Please remain vigilant and monitor for any suspicious activity, including any communications from an unverified person by phone or email requesting information or payments. This includes phone calls from common names or any communications disguised to look like they come from someone you know or trust.
- Verify communications by confirming the identity of the sender. This includes checking email names and domains by hovering your mouse over the sender’s email address.
- Do not open links that look suspicious. If you are unsure about a link sent to you by a company, you should go to the company’s website and look for the product or service that was offered.
- Be alert to phishing scams. This could include scams that target you through post, phone or email. Phishing scams are attempts by scammers to trick people into providing their personal information, including passwords, credit card numbers and/or sensitive personal information, often by creating a sense of urgency.
Further information about online safety, cyber security and other helpful tips can be found at the Australian Cyber Security Centre website or the ACCC’s Scamwatch website.
Next steps
We will always ensure any updates about our investigation into the cyber incident are communicated to you.
We sincerely apologise for any concern this incident may have caused. All of us at Meli thank you for your ongoing support in enabling us to continue serving our local community.
Important questions right now
Our investigation has unfortunately identified evidence that a subset of data has been taken from this system.
We are aware of a claim that his information has now been published externally by an unauthorised third party. We are urgently investigating the nature and extent of the published dataset.
We understand that you would like to know more but this incident is complex and requires specialist review and investigation. It’s important that we take the time to investigate the nature and extent of the published dataset so that we can communicate with accuracy.
We are committed to communicating transparently and with integrity, and we will update you as soon as we have relevant information to share.
While our investigation continues, we recommend you take the following precautionary steps to protect your personal information:
- Please remain vigilant and monitor for any suspicious activity, including any communications from an unverified person by phone or email requesting information or payments. This includes phone calls from common names or any communications disguised to look like they come from someone you know or trust.
- Verify communications by confirming the identity of the sender. This includes checking email names and domains by hovering your mouse over the sender’s email address.
- Do not open links that look suspicious. If you are unsure about a link sent to you by a company, you should go to the company’s website and look for the product or service that was offered.
- Be alert to phishing scams. This could include scams that target you through post, phone or email. Phishing scams are attempts by scammers to trick people into providing their personal information, including passwords, credit card numbers and/or sensitive personal information, often by creating a sense of urgency.
Further information about online safety, cyber security and other helpful tips can be found at the Australian Cyber Security Centre website or the ACCC’s Scamwatch website.
As soon as we detected the incident, we took steps to secure our system. We also partnered with leading forensic specialists and cybersecurity advisors to investigate what has happened.
We have also informed the Australian Cyber Security Centre (ACSC), Victoria Police, Office of the Australian Information Commissioner, Office of the Victorian Commissioner and relevant government agencies about the incident. We will take all reasonable steps to work with law enforcement and the relevant government agencies as required.
Our investigation is ongoing and we will update our stakeholders with any information relevant to them.
If you require further information or need assistance, please feel free to contact Meli on cyber@meli.org.au