March 30, 2023
Cyber Security Notice
In early March 2023, Biodynamic Marketing Co Ltd (“BDM”) identified that it had experienced a cyber security incident, which may have affected the personal information of people who have worked with us.
We immediately engaged market leading cybersecurity experts to assist us respond to the incident.
Based on the investigations undertaken to date, there is no direct evidence that the cybercriminal has accessed or published any personal information we hold about our employees and other stakeholders. However, we cannot rule out that some personal information may have been accessed. Out of an abundance of caution, we wanted to inform stakeholders about the incident and provide recommendations that can be taken to assist individuals protect themselves against the risk of harm.
Please understand that our investigation is still ongoing, and we will provide a further update on this website if anything changes.
BDM takes your privacy seriously and we are sorry that this has happened. If you have worked with us before and would like more information on how to protect yourself, we recommend that you read our FAQ section below.
In early March, BDM identified unauthorised activity that affected its computer systems. We took immediate action to contain the incident and began an investigation with the assistance of our IT team and market leading cybersecurity experts. The investigation was complex due to our systems being encrypted as part of the attack.
What information is impacted?
While we have no direct evidence that personal information has been accessed or published, we cannot rule out that some may have been accessed. This is primarily employee records and payroll data.
Such information typically includes names, addresses, date of birth, bank details, superannuation details and tax file numbers (TFNs) of current employees and some former employees who have worked with us since the financial year ending 30 June 2019.
We are continuing to monitor for any evidence that personal data has been exposed online and so far, we’ve seen no evidence that it has been.
What have we done?
Our priority was containing the incident with the assistance of our IT team and leading cybersecurity experts.
Since then, we have notified the Australian Cyber Security Centre, Australian Tax Office and the Office of the Australian Information Commissioner.
Current and, where possible, former employees who have been affected by this cyber-attack have been emailed.
The purpose of this website update is to notify our other stakeholders and formal employees whose details may have changed since being employed with us.
We are also implementing network security enhancements in accordance with recommendations from leading cybersecurity experts, and making numerous other changes as we continue to improve our cyber resilience.
What you can do
There are various steps that can be taken to reduce the risk of harm associated with access to an individuals’ personal information.
- Look out for scammers – including suspicious emails, texts, phone calls or messages on social media. Further information on online safety, cyber security and helpful tips to protect yourself and respond to scams, identity theft and other online risks, can be found at the following government agency websites:
- Enable multi-factor authentication for your online accounts where possible.
- Consider changing your online account passwords. The Australian Cyber Security Centre provides guidance around good password practices: https://www.cyber.gov.au/acsc/view-all-content/advice/passwords-pins-and-passphrases.
- Ensure you have up-to-date anti-virus software installed on any device you use to access your online accounts.
- Visit https://www.oaic.gov.au/privacy/your-privacy-rights/tips-to-protect-your-privacy/ for further guidance about protecting your identity.
- To monitor your financial records, you can apply for an annual free credit report or credit report ban from each of the consumer credit reporting agencies below:
- https://www.creditcheck.illion.com.au/; or
In addition, you should remain vigilant and on high alert with any emails or messages you receive. Please be careful not to open any attachments or click links unless you are certain about their authenticity.
What can I do to protect my Tax File Number?
BDM has communicated with current and, where possible, former employees who may have been affected by this incident. If you are a former employee or contractor who has since changed your details, and as result of this notification have concerns, you can contact the ATO directly to discuss what security measures can be put in place. Please contact us on firstname.lastname@example.org as soon as possible if you would like additional information about this.
How do I contact you?
If you have any questions or concerns, please reach out to us at email@example.com