Cyber Incident Victim: Pegasus Group Australia

Date: Oct 2022

Location: Australia

Summary

A third-party data breach impacted an obsolete employee rewards program managed by Pegasus Group Australia, affecting a major Australian telecommunications company's current and former staff. The compromised Work Life NAB platform, no longer operational, exposed approximately 30,000 individuals' first and last names alongside associated email addresses used for program enrollment. No internal corporate systems or customer account information was accessed during the incident, as the breach exclusively targeted the external supplier's infrastructure. The compromised data appeared online, with Pegasus Group Australia confirming the platform served multiple organizations, suggesting broader organizational impacts beyond the telecommunications firm. An active investigation into the breach's origin and full scope is underway through collaboration between the affected company and the third-party provider.

Description

On October 4, 2022, Telstra, Australia’s largest telecommunications company, disclosed a data breach impacting current and former employees through a third-party supplier. The breach originated from Pegasus Group Australia, a subsidiary of MyRewards International Ltd., which operated the now-obsolete Work Life NAB employee rewards program. Telstra confirmed its internal systems remained uncompromised, emphasizing that the breach exclusively affected the third-party platform no longer in active use. Exposed data consisted of first and last names alongside associated email addresses used during program enrollment in 2017. Approximately 30,000 individuals were affected, according to an internal staff email cited by Reuters. No customer account information was stored on the platform, limiting exposure to employee-related records. The breach also impacted other organizations utilizing Pegasus Group Australia’s services, though specific entities were unnamed. Telstra’s Asia Pacific chief information security officer, Narelle Devine, stated the leaked data appeared online following the supplier’s breach, prompting collaboration with Pegasus to investigate the incident’s cause and full scope.

Telstra initiated an investigation while supporting Pegasus Group Australia’s parallel efforts to determine the breach’s technical mechanisms and extent. The company issued a public statement clarifying the absence of Telstra infrastructure involvement and the historical nature of the compromised data. This incident followed closely after Optus, Australia’s second-largest telecommunications provider, reported a separate breach affecting 2.1 million current and former customers, though no direct link between the two events was established. Telstra’s disclosure did not specify whether threat actors accessed additional data types beyond names and emails, nor did it reveal the breach’s discovery timeline. The Work Life NAB platform’s discontinuation prior to the breach reduced immediate operational risks, but exposed personnel remained vulnerable to phishing or identity-based attacks leveraging the 2017 dataset. No remediation measures for affected individuals were detailed in the initial announcement.
