We have now completed preliminary assessments with impacted clients to determine whether it is likely that their impacted emails could contain personal identifiable information (PII).
For those clients who do not need to do further review based on the Preliminary Assessment, there is no further action required.
For clients who do need further review, we are working through a two-stage data review process.
Phase 1 – emails are scanned for search terms that are associated with documents of concern, such as:
The output of this phase will be a spreadsheet which details the number of files likely to contain PII and further information about reportable documents vs non reportable documents.
Phase 2 – Each client provides any specific search terms that need to be checked, including:
We will then work with our team of experts to transcribe all emails that may contain PII. The output of this phase will be a final list of any impacted individuals, along with the information which may have been exposed as part of the data breach.
We wish to assure our stakeholders that, if they do not hear from us directly, then there is no action they need to take. Colton Computer Technologies takes cybersecurity concerns seriously and is taking all necessary steps to remediate this incident.
For further information please contact incident@coltoncomputers.com.au.
Since our last communication on Friday 30 August, we have been working with our various teams to conduct a thorough review of the incident and potentially affected data, which is ongoing. We are working with all impacted parties.
Following detailed analysis, we have confirmed that the unauthorised party achieved limited access to some of our clients’ email content. We are now directly liaising with these clients to help determine what information may be involved.
Should we identify that personal information has been impacted, we will work with the relevant parties to ensure all appropriate steps are taken in response and notify individuals as required to provide guidance and support.
We would like to assure our stakeholders that there is no evidence of any potential breach of any internal email communications, there has been no lateral movement as a result of the unauthorised access to TitanHQ’s server, and no other internal systems were impacted by the incident and our environments remain secure.
Colton Computer Technologies takes cybersecurity concerns seriously and we wish to assure our staff, clients and community that we are taking all necessary steps to remediate this incident.
We will continue to work with our forensic specialists, our clients and TitanHQ in response to this incident and will share any updates with you once we know more.
Since our last communication on Monday of this week, we have been proactively working with our global teams to ensure we have a complete view of what has happened, any risk exposure, and audit control.
We’re continuing to wait for our forensics team to provide a complete analysis.
To avoid alert fatigue, we won’t be publishing a next communication timeframe. However, please be assured that we are committed to keeping you informed. We will publish an update and send an email notification as soon as we have more specific information.
We wanted to share a further update on last week’s incident with TitanHQ.
Since our last communication on Friday, all data logs have been provided to both the TitanHQ specialists and our local forensics partner, who are working through them in great detail to ascertain whether any of our client data was accessed. These forensic specialists have been engaged independently by both Colton Computer Technologies and TitanHQ.
As initially communicated, we are treating this as a potential data breach only, as we do not have specific confirmation of any confirmed data breach at this stage. The forensic experts will continue to work through the investigation until we have a definitive answer.
In conjunction with this forensic investigation, dark web monitoring has also been initiated as another layer of precaution and for greater visibility.
Unless we have any further information in the interim, we will provide another update by Friday 30th August EOD. All information is also being added to our website, here, or you can contact our dedicated response team at support@colton.com.au with any questions.
Thank you for your patience and understanding while we work with TitanHQ through this incident.
As communicated yesterday, we are providing our second update on the incident based on our conversations with TitanHQ overnight. As TitanHQ is based out of Ireland, we are working across global timezones to remediate and identify the full extent of this issue.
In short, TitanHQ is not able to confirm at this early stage whether and to what extent any of our clients’ data has been accessed. TitanHQ has engaged a forensics team to investigate this as a priority, who are collaborating with our local forensics team and Sophos MDR team.
We are working with TitanHQ to identify timeframes for further information on which we can use to make meaningful decisions about potential data impact.
For now, we thank you for your patience while we learn more. As you can appreciate, we have taken appropriate proactive steps by notifying you very early on, knowing that we have very little information ourselves.
In terms of next steps, we are prepared to support our clients by taking a leading role in the overall response and data risk assessment, should our clients be impacted.
Based on what we know, we are treating this as a potential data breach only, as we do not have specific confirmation of any confirmed data breach at this stage.
We will continue to work with our forensic specialists and TitanHQ for information and will share any updates with you once we know more.
Colton Computer Technologies takes cybersecurity concerns seriously and we wish to assure our staff, clients and community that we are taking all necessary steps to remediate this incident. We want to reiterate that the breach didn’t impact Colton Computer Technologies’ systems, and they remain secure.
We have established a dedicated response team who you can contact at support@colton.com.au if you have questions after reviewing this communication.
We will be in a position to update you again on Monday 26th August EOD, pending our further communications with TitanHQ over the weekend.
We wanted to advise you of a cyber incident recently experienced by our third-party email security services provider, TitanHQ. We can confirm that that breach didn’t impact Colton Computer Technologies’ systems, and they remain secure. We’re working closely with TitanHQ to understand more about the incident and any potential impact.
TitanHQ provides our email spam filtering services, which require them to have access to the email contents of our clients for up to 15 days. Last night (21 August 2024), they notified us that there may have been unauthorised access to some of our clients’ email content. This unauthorised access may impact inbound emails (emails from people outside your organisation being sent to you) between 1 August 2024 to 16 August 2024. We have confirmation that there is no potential breach of any internal email communication.
TitanHQ has assured us that they immediately began work to contain the incident and isolate the affected system. They’ve advised that full remediation of their systems is complete.
Upon notification, we immediately commenced our own investigation into the incident and mobilised our internal response team, as well as independent specialists, to support our investigation. TitanHQ is providing us with priority support to supply the necessary information for this investigation.
We are informing you at this very early stage so that you can be aware of this incident, and so that we can establish a contact point to continue to provide you and your teams with further information as soon as it becomes known.
Based on our knowledge so far, this incident may only impact a handful of our clients. We’re notifying all our clients for transparency and to support ongoing communications requirements. Although not legally obliged to do so based on the information at hand, we have notified the Australian Cyber Security Centre (ACSC) of the incident.
We appreciate that your team will need to consider your organisation’s reporting obligations and are happy to work closely with you on these considerations to align the approach.
We understand that this news may be concerning, and we appreciate your support as we work through this together.
We have established a dedicated response team who you can contact at support@colton.com.au if you have questions after reviewing this communication.
We will provide you with regular updates, whether we have new information or not, with the first update to come through at 9:30 am Friday (tomorrow).