How did this happen?
Regis was the victim of a cyber attack in July 2020 by an international criminal organisation. The criminal organisation target businesses by hacking servers and copying data and demanding a ransom for them not to release the data they have stolen. In the attack on Regis they were able to access a number of locally saved files and copy data.
Where is my information?
To the best of our knowledge, the information the cyber attackers copied was for a period of time available on the internet. This has now been blocked on Australian servers and Victoria Police are working on having it blocked internationally. However, as it was released, we advise notifying your bank and changing your passwords if you are notified by us that any of your unique identification information has been disclosed.
What did Regis do to avoid this? What has Regis done to avoid this again?
Regis had appropriate IT security in place. In light of the breach, we have reviewed our IT security and received advice on how it can be improved further to avoid future cyberattacks.
Has anyone had their identity stolen?
To our knowledge, no individual involved in this disclosure has been the victim of identity theft or fraud.
What are Regis going to do about this?
We have notified the Office of the Australian Information Commissioner, Victoria Police and have engaged external security experts to ensure a proactive approach in mitigating the harm from this breach and to prevent future breaches from occurring.
How long was it on the internet for?
To the best of our knowledge, the information was available for several weeks.
Who can I talk to about this?
We have set up a hotline for queries at 1300 765 340.