NSW government casual recruiter suffers ransomware hit
IT recruitment firm Finite Recruitment has confirmed it experienced a cyber incident in October, which resulted in a “small subset” of the company’s data being downloaded and published on the dark web.
The Finite Group incident response team confirmed with ZDNet that when the incident occurred, business operations were not disrupted.
“Our security monitoring systems identified and closed down the threat quickly,” they said. “Since then, remedial works have been undertaken and the business has been fully operational.”
The company’s incident response team added it has been reviewing what data was stolen due to the incident.
“Following conclusion of this investigation, we will take steps to immediately contact any impacted stakeholders/individuals in accordance with our privacy obligations. Early indications suggest that only a relatively small number of individuals are impacted,” it said.
Finite Recruitment is listed on a leak site as one of the victims of the Conti ransomware for the purposes of double extortion. The listing shows the attackers claimed to have stolen more than 300GB of data, including financial data, contracts, customer databases with phone numbers and addresses, contracts with employees’ passport details, phone numbers, mail correspondence, and other information.
The recruitment firm currently provides casual support staff to several agencies across the NSW government.
“The Department of Customer Service is aware of an incident impacting Finite Recruitment’s IT environment and has engaged with the company on the issue,” a NSW Department of Customer spokesperson told ZDNet.
“The incident has not impacted any NSW government agencies or services.”
Just last week, the South Australian government confirmed the state government employee data was exfiltrated as part of a ransomware attack on payroll provider Frontier Software.
Treasurer Rob Lucas said the company informed government that some of the data have been published online, with at least 38,000 employees and up to 80,000 government employees possibly having their data accessed.
The data contained information on names, date of birth, tax file number, home address, bank account details, employment start date, payroll period, remuneration, and other payroll-related information.
Since November, Queensland government-owned energy generator CS Energy has been battling with a Conti infection on its corporate network. In an update provided last week, the company said it was continuing to progressively restore its systems.