Update On Cyber Matter

In February 2024, we experienced a cyber incident where an unauthorised third party accessed our system. As soon as this was detected, we took immediate steps to engage external cybersecurity experts to assist us to contain the situation, and conduct an urgent and comprehensive investigation.

We have determined that there has been no evidence of any additional indicators of compromise since February 2024. The forensic analysis also found no evidence of lateral movement into any customer network. Based on known information as well as the advice of our internal and external
cybersecurity experts, we consider this incident has been contained since that time.

ZircoDATA is primarily in the business of physical record storage. Our investigation found that the systems used for physical storage were not impacted. Our investigation did identify evidence that a subset of data was accessed and stolen from one of our corporate file servers.

Since becoming aware that this data was published on the dark web, ZircoDATA has been urgently analysing the impacted dataset and communicating with impacted customers. Our ongoing investigation is well advanced, and the vast majority of impacted information is corporate data.

Despite recent media speculation, we have identified that only a very small number of customers have had personal information impacted, and we have been engaging with them directly. While some of our customers have notified affected individuals, we expect there will be a small number of
additional notifications in coming days and weeks. We have taken this matter extremely seriously and we will continue working with our customers to provide them with the information they need so that individuals can be notified in line with regulatory obligations.

We understand the importance people place on their personal information, and we sincerely regret the incident occurred, particularly those who have been notified that their personal health records may have been accessed. We will provide further updates should new relevant information become

If you have a question about this incident, please email lclancy@porternovelli.com.au