This is due to the recent cyber incident
EnergyAustralia today announced it has commenced implementing 12-character passwords on its My Account online customer platform following a recent cyber incident that resulted in unauthorised access to 323 customer accounts.
All customers logging into My Account are now required to reset their password using a minimum of 12 characters, including a mix of capital and lowercase letters, numbers, and special characters. Previously, EnergyAustralia required 8-character passwords for My Account, with a mix of capital and lowercase letters and numbers.
The change follows a recent cyber incident involving My Account, EnergyAustralia’s customer platform. The incident resulted in the exposure of data for 323 residential and small business customers. My Account includes the customer’s name, address, email address, electricity and gas bills, phone number and the first six and last three digits of credit cards.
There is no evidence that customer information was transferred outside of EnergyAustralia’s systems, and importantly, identification documentation, such as driver’s licences or passports, and banking information, are not stored on My Account. This information remains secure. No other EnergyAustralia systems were affected.
During the incident, which occurred commencing Friday, 30 September, EnergyAustralia suspended access to My Account while investigations occurred and affected accounts were immediately locked and reviewed. All 323 affected customers were contacted by SMS, and email on Sunday, 2 October to reset their password, with follow-up by phone in the following week.
EnergyAustralia Chief Customer Officer Mark Brownfield said: “We apologise for the concern that this issue may have caused our customers.
“While this incident was limited in terms of customers affected, we take the security of customer information seriously and have been working hard to put in place additional layers of security to ensure the protection of all customer information.
“This now includes the implementation of 12-character passwords. We recognise the transition to more secure passwords won’t be easy for all our customers, however, these incident and other recent cyber incidents have highlighted this is where we need to go with password complexity.”
