Compass Group Australia Cyber Incident Compass Group Australia

pCompass Group Australia has been investigating a cyber incident since early September which resulted in an unauthorised third party accessing some data from our systemsppSince we became aware of the incident we have worked continuously with forensic experts and specialist legal counsel to remove the threat implement additional monitoring and surveillance and verify what information was compromised ppProtecting our people and our clients is our highest priorityppIn anticipation that the accessed data may be illegally published online in the coming days or weeks we are taking a number of legal steps to prevent this activity and limit its impact This includes working with the Australian Federal Police to remove any material that is posted and taking court action to prevent any party from republishing that data  ppOur investigations into the nature and extent of the impacted data indicate that it primarily relates to a relatively small number of Compass Group Australia employees including former employees  We are in the process of formally notifying and supporting the individuals we have been able to identify so farppWe are also communicating with our clients Compass Group Australia generally holds minimal client data but we will communicate with our clients directly as soon as possible if we identify any of their sensitive data to be at riskppWe sincerely apologise for any concerns this incident has caused and encourage everyone to remain vigilant to any misuse of their personal information by taking the following general precautionary stepsppCompass Group Australia has been investigating a cyber incident since early SeptemberppThe investigation is ongoing and we are continuing to work closely with leading global cybersecurity experts specialist legal counsel and regulatory authoritiesppYesterday our security measures detected unauthorised activity on a server recently brought back online In line with our security protocols we disabled that system and contained the threat  ppOur priority is to ensure the ongoing security and stability of our systems and to provide support to those individuals whose highrisk information has been impacted ppImportantly we have progressed the forensic analysis of the data that we know has been impacted and have begun notifying people directly in instances where highrisk data has been accessed  ppWe sincerely apologise for any impact on our employees clients or suppliers ppWe have put in place a range of support measures for those who have been affected including access to external professional support and advice on the precautionary measures people can take to safeguard their personal information ppWe will continue to update our employees clients and suppliers as more details become availableppIn early September 2024 Compass Group Australia detected unauthorised activity in part of our IT environmentppWe immediately activated our incident response plan Thirdparty forensic experts were engaged and the affected systems were proactively disabledppWhile we acted early to contain the incident our investigations found that some data was taken from our systems by an unauthorised third partyppCompass Group Australia takes cybersecurity and data protection very seriously and every effort is being made to understand the nature and scope of the affected data  ppWe have communicated with clients suppliers and employees and apologise for any concern this incident has caused We will continue to provide direct updatesppWe have notified the relevant authorities including the Australian Cyber Security Centre and the Office of the Australian Information Commissioner who are providing support and assistance    ppCompass Group is taking a methodical approach to the restoration of systems to ensure that we can confidently restore systems in a safe and secure way Our priority is to ensure the integrity of our network and minimise the risk of future threats The majority of systems have now been brought back onlineppWhile the extent of the incident is still under investigation we encourage employees customers and suppliers to be vigilant across their digital accounts including looking out for any unusual activities  ppWe will continue to post updates on our website as they become available ppAfter we became aware of the issue in early September 2024 we immediately launched our incident response plan and proactively disabled some systems as a precaution and to remove any ongoing threatppWhile there have been minimal operational impacts in some instances we are using standard manual processes to continue to provide services during this time  We apologise for any inconvenience caused while our systems remain offlineppWe are engaging with our clients suppliers and employees regularly and we will advise when we are ready to restore all our impacted systems in a safe and secure way The majority of systems have now been brought back onlineppOur focus is on ensuring a secure and stable environment for our clients suppliers and employeesppWe are working closely with thirdparty forensic experts to investigate this incident and understand the nature and scope of the affected datappWhile we are undertaking this investigation as a priority this may take some time to complete We are continuing to update clients and will communicate directly with individuals to provide further information should it be identified that their highrisk information has been affected We have notified the relevant regulatory authorities including the Australian Cyber Security Centre and the Office of the Australian Information Commissioner who are providing active support and assistance     ppWe will provide relevant updates as the investigation unfolds ppA small number of Compass Group systems are managed across Australia and NZppOur thirdparty forensic team is working hard to understand exactly what information has been compromised Based on investigations to date there is no evidence to suggest that data held by New Zealand systems has been impactedppAs a precaution we have notified the National Cyber Security Centre and engaged with the Office of the Privacy Commissioner in New Zealand  We continue to work with these agencies as required We will provide relevant updates as the investigation unfoldsppWe have been engaging with our clients suppliers and employees regularly on operational issuesppIf our investigations identify that highrisk information has been impacted by this incident we will communicate directly with individuals to provide further information and offer guidance and advice on next stepsppIn the meantime we have provided general advice to our people about how to proactively manage their data privacyppYes We have reported the incident to the Australian Cyber Security Centre and the Office of the Australian Information Commissioner who are providing assistance and support We have also notified law enforcementppWe have also notified the National Cyber Security Centre and engaged the Office of the Privacy Commissioner in New Zealand as a precaution We continue to work with these agencies as required We will provide relevant updates as the investigation unfoldsppHere are some steps that everyone can take to protect themselves against identity theft scams or fraudppIf our investigations identify that highrisk information has been impacted by this incident we will communicate directly with those individuals to provide further information and offer guidance and advice on next stepsppAny further enquiries or concerns can be directed to email protectedppShareppCompass Group Australia a leader in food and support services will be the joint facility services provider for the new Melton Hospital Supporting the MeltonppOn 23 October eight members of Restaurant Associates our premium corporate hospitality team laced up to take part in the Sydney JP Morgan Corporate ChallengeppPositive change for our planet begins with the choices we make today As we work toward our commitment of achieving Climate Net Zero greenhouse gasp