Physical security company Certis Security Australia has suffered a breach of its email system.
The company said no customer data is affected, but the personal information of some “employees and partners” has been accessed by a third party.
That information includes names, addresses, dates of birth, phone numbers and tax file numbers.
The company said while the activity on its email system was consistent with a “possible ransomware threat executed by a phishing email”, it did not say whether or not any ransom demand has been received.
It had “isolated and removed access to our email systems by the unauthorised actors to reduce the likelihood of damage to our systems or data loss.”
The company added that it has engaged a cyber security specialist to provide assistance.
“We have written directly to those employees and partners whom we have been able to identify, notifying them that their personal information had been affected by the unauthorised access, and to provide support and guidance on next steps," it said in a breach notice.
The notice had been accessible overnight but returned a “too many redirects” error when attempting to view it today.
The company has also brought in IDCARE to help support anybody affected.