Property company Meriton has disclosed that nearly 36GB of data was exfiltrated in a January 14 cyber incident affecting its Meriton Suites business unit.
In an FAQ posted to its website, the company said it has notified nearly 1900 Meriton Suites staff and guests of the breach, and said they have “received tailored advice in respect to recommended steps that should be taken.”
The breach did not affect the company’s customer database, and the company said its investigation “has revealed no evidence that affected individuals have had their information misused.”
“Very little of the data was PID [personally identifying data] related or sensitive information," it said.
The company did identify one system possibly affected in the breach: a system used to record “incident reports”, which appear to record both a guest’s name and that of the Meriton staffer recording the incident.
That may also include “information regarding your health at the time of the incident (such as any injury sustained in the incident)”, Meriton’s FAQ said.
Meriton said it has engaged cyber security and forensic experts, and has been “implementing enhanced cyber security measures to protect Meriton’s network as well as extensive network monitoring”.
It informed the Office of the Australian Information Commission (OAIC) of the breach, and said: “As a result of the measures taken by Meriton, the OAIC closed its file on Monday March 20 2023.”
