Australian utility provider Sumo has suffered a data breach, the company has confirmed, with customers’ personal information, including credit scores and licence numbers, posted online.
Sumo executive chairman Kel Fitzalan emailed customers on Wednesday, apologising and informing them that an issue with a “third-party file storage application” had caused the breach.
According to Fitzalan, information taken included full names, addresses, dates of birth, mobile phone numbers, credit scores and licence numbers. Sumo, which is headquartered in Victoria, is thought to have more than 60,000 customers across its electricity, gas and internet products.
“On Monday evening, 13 May 2024, Sumo became aware of an incident where customer data was accessed by an unknown person via a third-party file storage application used by Sumo. We can confirm that none of Sumo’s systems were affected,” Fitzalan said in the email to customers, seen by this masthead.
“We are contacting you as we have identified that your personal information was accessed, and we deeply apologise.”
Loading
Fitzalan said Sumo had partnered with Australia’s national identity charity, IDCARE, to provide support to affected customers, including a complimentary credit and personal information monitoring subscription. The company said it did not hold copies of any identity documents, however.
“None of Sumo’s systems were accessed or affected and the third-party application also worked as designed,” a company spokesman said.
“After being informed of the incident late on Monday, Sumo has acted rapidly to investigate and secured the third-party application.