Media Release: Visitor Information Unlawfully Gained - FAQs

Back to Media Announcements

Link to media release

Friday 31 January 2020

FREQUENTLY ASKED QUESTIONS 

VISITOR INFORMATION UNLAWFULLY GAINED

Q: Were any credit card details or financial information included in the breach?

No.

Q: What happened?

In November 2019, The Perth Mint engaged market insights company Metrix Consulting to manage a visitor questionnaire. The poll was designed to help assist with improving the experience of visitors who attend tours at The Perth Mint.

The Perth Mint’s publicly available privacy policy does say that The Perth Mint may share personal information, which it collects, with organisations engaged to conduct research and analyse data.

A file of limited contact information provided by visitors who booked a tour was passed to market insights company Metrix Consulting to execute this work. Each of the visitors affected by the data breach has been contacted.

On Tuesday 28 January 2020, Metrix Consulting informed us that one of its staff email accounts had been unlawfully accessed by an unknown third party.

A small set of visitor information was attached to one of numerous emails forwarded as part of this unauthorised activity, so for this reason that we are treating this incident as a data breach.

Q: How and when did The Perth Mint become aware of the issue?

On Tuesday 28 January 2020, The Perth Mint was advised by Metrix Consulting that an unknown third party had gained The Perth Mint’s visitor information.

Once told, The Perth Mint immediately sought to ascertain the potential impact on its visitors.

The Perth Mint informed those visitors whose details were compromised on Friday 31 January 2020.

Q: What information was breached and how many people are affected?

Approximately 1,480 visitors’ names were included in the breach and for many of these, email addresses, home addresses and phone numbers were provided.

Q: Have the individuals affected been told?

Yes. The Perth Mint has directly contacted the affected individuals where possible, released a media statement and provided this FAQ on our website.

Q: Was The Perth Mint targeted?

There is no evidence to suggest The Perth Mint was targeted. All indications are that our visitor information was included in just one email out of many which were accessed by the unknown third party.

Q: Did The Perth Mint follow its data security procedures?

We are conducting a review of our actions in this incident and will act immediately to address any identified issues.

Q: Do you know if the information has been used?

We have no evidence that the data has been used. We are conducting a review of the internet with our specialist cyber consultants as part of our response to this incident and will provide any update to affected visitors.

Q: Is there any support available to individuals who have been affected?

If you would like to speak with someone in relation to the data breach or about the identity support services which we can make available, please call The Perth Mint on Toll Free 1800 098 817, +61 8 9421 7218 (international) or email info@perthmint.com.

Q: How long has The Perth Mint been working with Metrix Consulting?

The Perth Mint first used the services of Metrix Consulting in 2016, and it has been a provider since. The Perth Mint endeavours to engage Western Australian businesses whenever possible, and Metrix Consulting is a long-established local business with a record of servicing high-profile organisations across Australia.

Q: Will The Perth Mint continue to use the services of Metrix Consulting?

The Perth Mint is reviewing the terms of its arrangement with Metrix Consulting. Metrix Consulting has fully cooperated with The Perth Mint in this investigation to date.

Q: What happens now?

We will continue to work with Metrix Consulting in our investigation to reveal any additional information and conclude the matter, and work towards minimising the risk of this happening in the future.