Cyberattack strikes media-monitoring company used by Australian government

Josh Taylor and Christopher Knaus
·2-min read
<span>Photograph: Alamy Stock Photo</span>
Photograph: Alamy Stock Photo

A media-monitoring and analytics firm used by the federal government has been hit by a cyberattack, prompting the involvement of the nation’s leading cybersecurity agency.

Isentia, which boasts it has “most government departments and large corporations” as clients in Australia, told the Australian Stock Exchange on Tuesday it is “urgently investigating a cybersecurity incident” that was “disrupting services” involving its media portal – a service customers use to see media reporting on them, or issues of interest to them, and find journalists.

The company said it had engaged external cybersecurity specialists and informed the Australian Cyber Security Centre about the attack.

Related: Cybersecurity agency insists it doesn’t want to conduct mass surveillance of Australians

“Isentia is taking urgent steps to contain the incident and conduct a full investigation into what happened and how to avoid a repeat occurrence in the future,” chief executive Ed Harrison said, stating the company was focusing on restoring services.

Guardian Australia understands the company had been hit by a ransomware attack, meaning its systems are encrypted and an attacker will only release it once money is paid.

Logistics company Toll suffered two such attacks this year.

Isentia’s media-monitoring work requires clients to give it information on sensitive topics to properly brief it on what to look for in the media. It is not known whether this information has been compromised.

Clients have been told they will be formally notified at the end of Isentia’s investigation how they have been impacted. External IT security contractors are leading the investigation and the company is working furiously to restore full service.

The company has informed its customers that it does not have a clear view how long the outages will continue for.

The Australian Cyber Security Centre, the government’s key cybersecurity agency, confirmed it had been “notified of a cyber incident affecting Isentia and has offered technical advice and assistance”.

The downed media portal not only means customers have been unable to access their media data, but staff too have been shut out of the portal. Guardian Australia has heard staff in Isentia have been forced to manually prepare media reports based on Google searches.

Guardian Australia understands several government departments and companies have had to find alternative sources for their media-monitoring content while the portal is unavailable.

Related: Peter Dutton confirms Australia could spy on its own citizens under cybersecurity plan

Isentia directed Guardian Australia to their ASX announcement when comment was sought on the specifics of the attack.

The latest report from the Australian Cyber Security Centre says it assists on average six entities each day with cybersecurity incidents.

In 2019-20, it responded to 2,266 cybersecurity incidents and was handed 59,806 cybercrime reports. That is an average of 164 cybercrime reports each day.