Hi there,

Cyber Event

We recently texted you to inform you of a cyber event that impacted D1 Group (“D1”) in December 2022, where some of your personal information held by us was involved. D1 is providing this notification to ensure that you are aware of the event and the steps D1 has taken in response.

We would like to assure you that this notification is only precautionary, and that we have no evidence of any misuse of your personal information.

Contact details for our response team are set out below should you have any questions.

What happened?

In December 2022, we experienced a cyber event where an unidentified third party gained unauthorised access to our network, encrypted data and removed it from our network.

In response, we launched extensive forensic investigations into the root cause and extent of the cyber event, which have now been completed. We have taken steps to ensure our network is fully secure following the cyber event.

What has D1 done in response?

Upon discovery of the event, we took immediate action to secure our network and apply enhanced cyber security measures. We also engaged leading external forensic IT and cyber security expert advisors to assist us in responding, which included conducting an investigation into what happened.

We have also notified the Office of the Australian Information Commissioner (OAIC) and the Australian Cyber Security Centre (ACSC) of the cyber event.

We take cyber security and the protection of all personal information very seriously and have already taken a number of proactive steps with relevant authorities, where possible, to protect your personal information, and are today notifying you of additional relevant steps you can take to further protect your information.

What should you do?

We have prepared the following Questions and Answers (Q&A) information sheet titled “Steps you can take to protect yourself from potential data misuse”. This information sheet explains what personal information of yours may have been affected, and relevant steps you can take to protect yourself against any future misuse of your information.

If you have any questions after reading this notification, please do not hesitate to contact our response team at cyber@dental1.com.au or via 03 7300 6399.

Yours sincerely Dental One.

Steps you can take to protect yourself from potential data misuse

Questions and Answers (Q&A)

Q: What happened?

A: In December 2022, we experienced a cyber event where an unidentified third party gained unauthorised access to our network and downloaded some information.

Q: What steps has D1 taken in response?

A: Upon discovery of the event, we took immediate action to secure our network and apply enhanced cyber security measures. We also engaged leading external forensic IT and cyber security expert advisors to assist us in responding, which included conducting an investigation into what happened. We have also notified the Office of the Australian Information Commissioner (OAIC) and the Australian Cyber Security Centre (ACSC) of the cyber event.

Our investigation is now complete and has confirmed that D1 was the subject of a an unauthorised access cyber event. There is no evidence to suggest that the event was targeted towards any specific individual or individuals, or that anyone’s personal information has been subsequently misused.

Q: What personal information was affected?

A: Based on our investigation, we have identified that a small subset of information was accessed during the cyber event.

The affected dataset contained contact information belonging to you, including a mix of your name, date of birth, email, phone number and/or address. The following information was also contained the following information belonging to you:

  • Health information;
    • dental history;
    • dental condition;
    • dental treatment;
    • prescription information; and/or
    • dental symptoms or diagnoses.

Q: What precautionary steps can I take?

A: Based on the types of information that may have been accessed, we recommend you take the following steps (depending on the types of information you have previously provided to D1):

Contact information

Where a third party may have access to your contact information, it is important to:

  • be aware of email, telephone and text-based scams. Do not share your personal
    information with anyone unless you are confident about who you are sharing it with;
  • when on a webpage asking for your login credentials, take note of the web address or URL ('Uniform Resource Locator'). The URL is located in the address bar of your web browser and typically starts with ‘https://’;
  • if you are suspicious of the URL, do not provide your login details. Contact the entity through the usual channels to ensure you are logging into the correct web page.
  • Please note that Dental One will never contact you to ask for your username or
    password;
  • enable multi-factor authentication for your online accounts where possible, including your email, banking, and social media accounts;
  • ensure you have up-to-date anti-virus software installed on any device you use to access your online accounts; and follow the Australian Competition and Consumer Commission's Scamwatch guidance for protecting yourself from scams here: https://www.scamwatch.gov.au/get-help/protect-yourself-from-scams/.

For more information, you can visit the OAIC’s tips for further guidance about protecting your identity: https://www.oaic.gov.au/privacy/your-privacy-rights/tips-to-protect-your-privacy/

Health information

The following health information related to you has been identified in the affected dataset:

  • dental history;
  • dental condition;
  • dental treatment;
  • prescription information;
  • dental symptoms or diagnoses.

For context, cyber-criminals typically seek to misuse information that can be easily used for financial gain (such as credit cards and identity documents for identity theft). For this reason, health information by itself is generally not useful to a cyber-criminal.

However we know that it will be concerning to learn that your health information may have been accessed in this manner.

Should you experience any anxiety or distress in relation to this, please seek medical advice from your regular treating physician or GP.

Free information is available at https://www.beyondblue.org.au/the-facts/anxiety. If you would like more information about the health information related to you that may have been involved, please contact our support team on 1800 418 485 between 9:00am and 5:00pm (AWST), Monday to Friday.

Q. Why has it taken time to notify individuals?

A: It was necessary for us to carefully analyse the affected dataset to understand exactly what information was affected and who it belonged to so that our notification to affected individuals was accurate and did not cause any undue alarm or distress. This type of detailed analysis takes time, and we have been mindful to ensure our process and notification has been as thorough as possible.

 

Q: I think I need a credit report or ban, where can I go to get one

You can apply for a free annual credit report from one of the consumer Credit Reporting Agencies below. You can also consider contacting the below credit reporting bodies to place a temporary ban on your credit report. This means that they will not be able to share your credit report with credit providers without your consent for 21 days (unless extended).

Q: Who can I contact for more information about cyber security and protecting my online identity?

A: Additional general resources on identity and cyber security support can be found here: 

If you have any other questions after reviewing this notification, please do not hesitate to contact our response team at cyber@dental1.com.au or via 03 7300 6399.