OUR REFERENCE: SUU_DBN_001

Dear Sir/Madam,

This notice is in relation to a recent data breach that has impacted Strata Unit Underwriters (SUU). If you have communicated with or received documents by email from one of our employees, your personal information may have been impacted by this data breach.

We take our commitment to protecting your information very seriously and have taken immediate steps to prevent its recurrence. We have also reported this incident to the appropriate regulatory authorities, including the Office of the Australian Information Commissioner (OAIC).

Overview of the incident:

Our investigation identified that:

  1. On Thursday, 11 June 2020, we became aware of that the email account of a single SUU staff member was accessed by an unknown individual.
  2. On Thursday, 11 June 2020, we understand that this unknown individual may have also sent you a message purporting to be our employee asking you to click on a link.

We believe it is likely that this unknown party also has a copy of the contents of the SUU staff member’s email account.

Our investigation has confirmed that this incident is isolated in nature and limited to this one instance.

The kinds of information which may have been impacted:

It is likely that any information you have sent to or received from the SUU staff member via email is impacted. This information varies from person to person, but may include the following:

  • Contact Information – such as your full name, email address, phone number and mailing address;
  • Financial Information – such as banking details (excluding credit card details), invoices, remittance advice documents, bank statements and agency financial statements; and
  • Other unstructured documents, such as personal communications and commercial communications.

Steps you may wish to consider:

  • If you have received an email purporting to be from a SUU staff member specifically with subject “Strata Unit Underwriters” at 11:30am AEST on Thursday 11 June 2020:
    • Please delete the email.
    • If you have clicked on the link attached to the email, you should inform your Information Technology and/or Security team or service provider of this as soon as possible.
    • Reset your email account password and any token(s).
  • Be alert for future targeted communications impersonating SUU (e.g. by SMS or email) that may ask you to log in or provide your information.
  • Consider enabling multi-factor authentication for email accounts that you use to communicate with us or discuss this notification further with your Information Technology and/or Security team or service provider.

Please contact us at info@suu.com.au if you have any questions, require advice specific to your circumstances or would like to make a complaint.

If you are dissatisfied with the outcome you receive, you may wish to pursue this further.  If so, please refer to the below brochure outlining our complaint handling process.  You will see the next step in the process is to contact our Customer Relations Department on 1300 668 066.

Customer Feedback & Complaints Brochure

Additionally, if you are not satisfied with our final response, you may lodge a complaint with the Australian Financial Complaints Authority:

Online:    www.afca.org.au
Email:     info@afca.org.au
Phone:    1800 931 678 (free call)
Mail:        Australian Financial Complaints Authority, GPO Box 3, Melbourne VIC 3001

Time limits may apply to lodge a complaint to AFCA and so you should act promptly or otherwise consult the AFCA website to find out if or when the time limit relevant to your circumstances expires.

You may also wish to make a privacy complaint to the Office of the Australian Information Commissioner (OAIC), by contacting them on 1300 363 992.

Please call us on 1300 668 066 between 9.00am and 5.00pm Monday to Friday to discuss in detail.

I take the opportunity to sincerely apologise for any concern and inconvenience this may have caused you.

Yours faithfully

Simon Ingham
General Manager