FMG hit by cyber hack incident

Andrew Forrest-chaired Fortescue Metals Group is confirmed to be the latest victim in a cyber attack incident, believed to be linked to a Russian ransomware group.

A Fortescue spokesperson confirmed there had been a cyber security breach but has downplayed the impact.

“We take the protection of our employees’ personal information seriously and we have strong measures in place to safeguard our business from potential cyber threats,” the spokesperson said.

“Despite these efforts, Fortescue was subject to a low impact cyber incident on 28 May 2023 which resulted in the disclosure of a small portion of data from our networks.

“Importantly, our investigations showed that this information was not confidential in nature.

“We notified the Australian Cyber Security Centre of the incident, and our internal investigation and remediation actions are now complete.”

Russian ransomware group Cl0p reportedly announced it has breach FMG’s data, in a post on a dark web site.

Cl0p has also reportedly leaked data from Crown and Rio Tinto online earlier this year.

Last month, the state government’s Insurance Commission of Western Australia confirmed that its data has been compromised as part of a cyber hacking incident of national law firm HWL Ebsworth (HWLE).

The Insurance Commission is the sole compulsory third party insurer for motor vehicle personal injuries in Western Australia.

HWLE reported a cyber-incident after a threat actor identifying as ALPHV/BlackCat made an online post claiming to have exfiltrated the law firm’s data in May.

ALPHV or BlackCat ransomware is a program associated with Russian-speaking cybercrime actors.

The commission confirmed HWLE provided it legal services and that its data held by the law firm had been compromised.