Due to unusual activity on our systems we have engaged cyber security experts and commenced a thorough investigation of our IT systems.
Update from 9 April 2020
Q: What happened?
On Sunday 15 March we became aware of unusual activity on our systems which appears to be the result of a targeted and organised attack. We subsequently became aware that the cyber attacker has started to publish some client and employee information on an online forum controlled by it.
All our customers and employees have been notified that some data has now been made public.
Q: When did the incident occur?
We became aware of the incident in the early hours of 15 March.
Q: Have you contacted impacted customers?
All customers have been contacted.
Q: How are operations being impacted?
Operations continue as normal.
Q: How long will the investigation take?
We are committed to a thorough investigation and will devote as much time as necessary to get to the bottom of this situation. We are not prepared to put a time frame on this.
Q: How many customers are affected?
At this stage of our investigations it is not possible to accurately determine this.
Q: What has Henning Harders done about this?
We immediately engaged a leading cyber forensics firm to conduct an urgent investigation and this investigation is still underway. We have engaged legal advisers to advise us and have also commenced a comprehensive internal review of our systems and processes.
We have also notified our customers and staff, including outlining some practical steps they can take to maximise protection of their data.
We are committed to continuous improvement in all areas of our business and this extends to our data protection practices and policies. We have taken additional steps to further fortify our data security systems to defend against further intrusions and ensure that any risk associated with this issue is appropriately managed.
- All client passwords at our end have been changed as a matter of course;
- We have implemented bank grade security tools across all systems and platforms; and
- We have established virtual private networks for all remote access into our network.
Q: Has Henning Harders notified relevant regulators?
Formal notifications have been made to the Australian Cyber Security Centre; ReportCyber; and the Office of the Australian Information Commissioner (OAIC).
We are working co-operatively with these agencies.
Q: Who do I speak to for more information?
We understand that affected customers may have further questions about this incident.
Please contact your key account manager for further information.