We are writing to notify you of a data security incident that may have involved your personal information. This letter explains what happened and provides information about what you can do in response. We are taking this matter very seriously and sincerely regret any concern it may cause you.
Supagas discovered that an unidentified third party obtained unauthorised access to a file server. Based on our investigation to date, this occurred on February 11, 2021. We identified the breach on February 11, 2021 and acted immediately to contain it.
What Information Was Involved
We deployed outside cyber security experts who have concluded that whilst the server containing the information was accessed, there is no evidence of information being taken. However, as an abundance of caution, we felt it necessary to advise you.
For customers, this information may have included your name, email address, and other information (physical address, phone number).
For current and ex-employees, this information may have included your name, email address, driver’s license, home address, TFN, bank account information, superannuation account details, in some cases health information, police results, and visas.
What We Are Doing
We have been diligently investigating this incident with the assistance of outside experts. We also have notified the Office of the Australian Information Commissioner (OAIC). In addition, we have taken various steps to further enhance the security of our systems.
What You Can Do
As described in the "Additional Resources" section below, we recommend you remain vigilant and take steps to protect against identity theft or fraud, including monitoring your accounts and free credit reports for signs of suspicious activity.
For More Information
If you have any questions or concerns for Supagas, please contact the privacy office on PrivacyOfficer@Supagas.com.au
We are fully committed to protecting your information, and we regret that this incident occurred.
You may request a copy of your credit report to check if it includes any unauthorised activity. A credit reporting body must give you access to your consumer credit report for free once every 12 months.
At other times a credit reporting body may charge a fee, but it mustn't be excessive.
You can request a copy of your credit report from these credit reporting bodies:
Credit reporting bodies may hold different information about you, so you may need to request a copy of your credit report from all three credit reporting bodies.
If you suspect fraud, you can request a ban on your credit report using the information found at https://www.oaic.gov.au/privacy/credit-reporting/fraud-and-your-credit-report/
We recommend that you make the request to all three credit reporting bodies in case they maintain a consumer credit report on you.
If you have any questions about government-issued identity document information (such as your driver licence, passport or visa), contact the agency that issued the identity document for advice.
If you have any questions about financial information (such as your bank account number), contact your financial institution using the contact details on their website or in the phone book.
Change your passwords - Change your online banking account passwords. Use a strong password that you’ve not used for other accounts. Also, change your banking PIN number.
Check your account statements - Monitor your account transactions online or using paper account statements if you receive them. If you spot any purchases you didn’t make, report these immediately to your financial institution.
If you suspect your TFN has been misused please call the Client Identity Support Centre on 1800-467-033, or visit https://www.ato.gov.au/General/Online-services/Identity-security/Your-identity-security---get-help/
If you have any questions about health information, contact your health service provider using the contact details on their website or in the phone book.