Origin Energy Confirms Data Breach Involving Former Employee
Overview of the Incident
Origin Energy, a prominent energy and internet service provider in Australia, recently acknowledged a data breach that potentially compromised the personal information of 732 people, primarily current and former employees. The breach was reportedly carried out by a former staff member who allegedly attempted to extract sensitive information just as their employment ended on July 30, 2025.
Details of the Breach
In a conversation with Cyber Daily, Origin confirmed that the individual collected the data during their tenure with the company, which spanned from October 12, 2023, to July 30, 2025. The stolen information is said to have included sensitive financial details, such as credit and debit card numbers. This attempt to transfer data involved an encrypted file, indicating that the information was not readily accessible without the proper decryption.
Commitment to Stakeholders
Origin expressed deep concern regarding the privacy of its stakeholders. “We take all of our stakeholders’ privacy extremely seriously,” the company stated. It emphasized that, while initial investigations indicated no evidence of the file being accessed or shared externally, the potential risks are still being assessed. The company is proactively reaching out to potentially affected individuals to notify them of the breach and offer support services, which may include credit monitoring and advice on security measures.
Status of the Encrypted Data
While the encryption on the file rendered it unreadable, Origin has not entirely ruled out the possibility that it could have been accessed outside the company. However, they noted that there was no current evidence to confirm such access had occurred. The former employee has also signed a statutory declaration stating that the file was deleted. Origin is currently conducting its own internal investigation to identify any needed changes to its data protection policies to prevent similar incidents in the future.
Reporting to Authorities
Origin Energy has taken steps to report the incident to the Office of the Australian Information Commissioner (OAIC) and relevant law enforcement agencies. This measure underscores the serious nature of the breach and the company’s commitment to transparency and accountability as they navigate the situation.
Conclusion of Legal Actions
It is noteworthy that, as of now, no criminal charges have been filed against the former employee involved, nor has there been any indication of ransom demands linked to the data. Origin is focusing on rectifying the situation and ensuring the safety of its data handling processes.
This incident underscores the importance of data security and corporate responsibility. Companies must remain vigilant and proactive in protecting customer and employee information, especially when potential vulnerabilities arise from internal personnel. Origin Energy’s response provides a case study for how organizations can manage breaches effectively by being transparent and taking the necessary steps to mitigate risk.
