Original hacker image by baramee2017 via Depositphotos. Composite image by The Epoch Times.
Western Australia’s largest energy generator and retailer, Synergy, appears to have been hacked and the personal details of around 900,000 customers exposed.
Cybersecurity company VECert said on X that the data includes full names, dates of birth, phone numbers, email addresses, physical addresses, account IDs, payment balances, and billing data (account balances, payment status, and BPAY references).
Customers’ National Metering Identifiers (NMI)—a unique 10-to-11-character code for an electricity connection used to identify a specific supply address—have also been breached, the company claims.
The information has been listed for sale by the threat actor, who goes by the alias “hackboy,” on a dark web forum.
VECert said the breach puts Synergy’s customers at “critical risk” of financial fraud and identity theft through “vishing”—where a thief uses personal data to impersonate an organisation via voice message or phone call to trick the victim into revealing sensitive information, such as login credentials or bank details.
It could also enable “targeted attacks on payment infrastructure in Australia.”
Three days earlier, the same hacker offered over 10 million records from KBank Vietnam.
