Sumit Bansal, Asia Pacific vice president at cloud security company BlueVoyant, said recent breaches including Meriton took advantage of the fact that data was not just concentrated in one place, but duplicated and shared with suppliers and other parties.

“Meriton is a reminder for companies to look at their vendors, suppliers, and other third parties. We have been hit with a series of supply breaches over the past few weeks with Latitude Financial and The Good Guys … these companies are not the only ones to be negatively impacted by a breach related to a third party, and most likely will not be the last,” he said.

“Organisations should only provide employees and third parties with access to the data needed for their role. This helps to control what data can be accessed in the event of a breach. They should also put policies in place to prevent third parties from retaining data after their services are no longer used.”

In the past, supply chain hacks have been used to spread malicious software through networks of clients and end users, as with Sunburst in 2020, and Kaseya in 2021. But in these latest attacks, as with some affecting Telstra, NAB and others last year, the target appears to be personal information that can be sold or leveraged for fraud.

The Office of the Australian Information Commissioner recently reported that, in the second half of 2022, it was notified of 497 breaches – a 26 per cent increase compared with the previous half.

Loading

Of the top 40 breaches that each affected 5000 Australians or more, 33 were the result of cybersecurity incidents.

“Organisations should take appropriate and proactive steps to protect against and respond to a range of cyber threats,” Privacy Commissioner Angelene Falk said this month.

“This starts with collecting the minimum amount of personal information required and deleting it when it is no longer needed.”

Meriton has been contacted for comment.

Get news and reviews on technology, gadgets and gaming in our Technology newsletter every Friday. Sign up here.