The Dialog Group customers, staff hit by data breach

Another Australian-based business owned by Singtel has suffered a data breach, with The Dialog Group's clients and employees affected.

Dialog, an IT consulting company which was acquired by Singtel's technology services subsidiary NCS in April for $325 million, claimed that fewer than 20 clients and 1,000 current and former Dialog employees were included in the breach.

Announced on Dialog's website and the Singapore stock exchange (SGX) through Singtel, the breach was detected on 10 September, with the IT consulting company shutting down its servers for two days as a preventative measure.

“We contracted a leading cyber security specialist to work with our IT team to undertake a deep forensic investigation and continuous monitoring of the dark web,” the statement on Dialog’s website read.

“Our ongoing investigations showed no evidence of unauthorised downloading of data.”

However, on 7 October a “very small sample of Dialog’s data, including some employee personal information, was published on the dark web”.

The IT consultancy has notified the Office of the Australian Information Commissioner and the Australian Cyber Security Centre about the breach and is in the process of supporting potentially impacted individuals against the risk of fraudulent activity.

In Singtel’s announcement on the SGX, it added that Dialog’s systems are independent from NCS, Optus and itself and claimed “there is no evidence there is any link between this incident and the recent event experienced by Optus.”

Regardless of independent systems, this is the second instance of a Singtel-owned business suffering a data breach in over two weeks. On 22 September, Optus flagged up to 9.8 million customers had their data exposed, which included drivers licence numbers and passport numbers.

A day later, the telco said the investigation was “subject to a criminal investigation”.

The incident is now undergoing a criminal investigation and may face several class action cases - one instigated by law firm Slater and Gordon and another from Maurice Blackburn Lawyers. 

It also called on global systems integrator Deloitte to conduct an independent security review following the breach.