Symantec has downplayed a data breach enabling a hacker to access passwords and an alleged list of its clients. The list includes major companies and government departments in Australia.
Guardian Australia has seen the list extracted in the February incident. The media outfit said the hacker targets all major federal government agencies. The same hacker also claimed responsibility for breaching and selling Medicare data on the dark web.
The cybersecurity giant said the incident was only a minor one. It claimed that the issue involved an isolated, self-enclosed Australian demo laboratory not connected to its corporate network. The company added it used the laboratory to demonstrate the company’s various security solutions and how they work together.
Media outfits did not report the incident after Symantec concluded that no sensitive personal data leaked out. The security software firm added the case did not compromise the corporate network, email accounts, products, or solutions.
The hacker pulled out a list of alleged clients of Symantec’s CloudSOC services, account numbers, and account managers. However, Symantec insisted data stored in the system in a demo lab were only for demonstration purposes. It further claimed that the e-mails and a small number of low-level and non-sensitive files are all dummies.
Included in the list of purported clients are the Australian federal police and departments in New South Wales. It also contains the big four banks, retailers, universities, insurers, and national public service.
The Symantec spokeswoman confirmed that the list contains some of the largest public and private entities in Australia. However, she reiterated that the list was only in an environment for testing purposes. She added that the entities are not necessarily Symantec customers and do not necessarily procure host services from the company.
Many of the federal departments contained in the list confirmed that they do not use Symantec’s CloudSOC services. They also denied storing information with the company. But Guardian Australia explains that other departments questioned the “minor” breach because they are Symantec customers.
The use of “dummy data” by cybersecurity companies is common. This practice gives companies the ability to loosen security protocols while testing new products. The developers of a project might not all work in the same building or the same country.
By using fake customer information, they can share access to their work faster without leaking sensitive data. But some companies use real customer data for testing, only to suffer for it.
An example was the incident involving Blind, an anonymous workplace app. It temporarily exposed sensitive information in 2018 after transferring part of its customers’ data to a test environment. Since developers did not immediately encrypt or delete the data, a data-breach hunter quickly discovered it online.