Cybersecurity giant Symantec plays down unreported breach of test data

The American cybersecurity giant Symantec has downplayed a data breach that allowed a hacker to access passwords and a purported list of its clients, including large Australian companies and government agencies.

The list extracted in the February incident, seen by Guardian Australia, suggests that all major federal government departments were among the targets of a hacker who also claimed to be responsible for Medicare data being available for sale on the dark web.

But Symantec said the “minor incident” involved “an isolated, self-enclosed demo lab in Australia – not connected to Symantec’s corporate network – used to [demonstrate] various Symantec security solutions and how they work together”.

The incident was not reported because Symantec concluded that “no sensitive personal data was hosted in or extracted from this demo lab, nor were Symantec’s corporate network, email accounts, products or solutions compromised”.

The US cybersecurity company Symantec says a data breach that allowed a hacker to access passwords and a purported list of its clients was a ‘minor incident’. Photograph: SOPA Images/LightRocket via Getty Images
The US cybersecurity company Symantec says a data breach that allowed a hacker to access passwords and a purported list of its clients was a ‘minor incident’. Photograph: SOPA Images/LightRocket via Getty Images

The hacker extracted a list of purported clients of Symantec’s CloudSOC services, account managers and account numbers – but Symantec insists data contained in the system were “dummy e-mails and a small number of low-level and non-sensitive files for demonstration purposes” in a demo lab “not used for production purposes”.

The list of purported clients includes the Australian federal police, the big four banks, insurers, universities, retailers and departments in the New South Wales and federal public service.

“This is an old list of some of the largest public and private entities in Australia – it was in the environment for testing purposes,” a Symantec spokeswoman said. “These entities are not necessarily Symantec customers, nor do we necessarily host services for them.”

Several federal departments, including infrastructure, industry, human services and finance, confirmed that they do not use Symantec’s CloudSOC services and do not store information with Symantec. But Guardian Australia understands that others queried the “minor” breach with Symantec because they are customers.

The Department of Social Services said it “uses Symantec products including CloudSOC, in line with Australian Cyber Security Centre best practice”.

“The product in question is not used by the department to store customer, or sensitive information.”

In a statement the Department of Infrastructure, Transport, Cities and Regional Development noted the department name referenced in the list was “discontinued in 2013”.

“We have received no notice from Symantec regarding this matter, but we will make contact in relation to their continued use, if any, of our department name.”

In a statement the Department of Home Affairs said it “does not use the Symantec CloudSOC services, however does use a number of other Symantec products on the department’s internal network, that are managed by departmental staff”.

“The department does not have any sensitive information that is held by Symantec.

“Information held by Symantec would relate to Symantec’s commercial relationship with the department, which is publicly available information.”

The departments of agriculture, education, employment, communication and arts said they used other Symantec products, but not cloud services, and did not store information with Symantec. Education also said it would “make contact in relation to their use of our department name”.

The Australian Privacy Act creates a scheme for compulsory notification when a data breach is likely to result in serious harm to individuals whose personal information is involved in the breach.

The Symantec spokeswoman said it treated “any cyber-security incident – regardless of its scope or severity – with the utmost priority and take great caution in complying with the laws of the countries in which we do business around the world”.

“Consistent with our internal policies and guidance, which align with national and international data protection laws, no sensitive personal data or information has been disclosed that would trigger any regulatory obligations, but Symantec will continue to take appropriate remediation efforts if the situation changes.”

The Guardian

Other News

Vietnam targets at least 10 large strategic technology firms by 2030

Vietnam targets at least 10 large strategic technology firms by 2030

Deputy Prime Minister Ho Quoc Dung has signed a decision approving a plan to develop large domestic strategic technology enterprises in the 2026–2030 period, aimed at advancing digital infrastructure, digital human resources, digital data, strategic technologies and cybersecurity.

Protecting users crucial in building digital trust: Experts

Protecting users crucial in building digital trust: Experts

In Vietnam, digital transformation in the finance and banking sector is accelerating cashless payments, expanding access to financial services, improving market transparency and supporting economic growth and macroeconomic management.

Fostering skilled workforce for innovation era: experts

Fostering skilled workforce for innovation era: experts

Experts said close coordination among State management agencies, research institutes, universities, and businesses will improve training quality and serve the dual goals of quality education and practical research application.

Startup forum bridges Silicon Valley and local innovation ecosystem

Startup forum bridges Silicon Valley and local innovation ecosystem

The University of Economics Ho Chi Minh City (UEH), Saigon Asset Management (SAM), and Plug and Play Tech Centre co-hosted the “From Vietnam to Silicon Valley” forum, exploring AI innovation, venture capital, and pathways to integrate Vietnam’s startup ecosystem with Silicon Valley and global markets.

Experts call for stronger action against fake news online

Experts call for stronger action against fake news online

Experts have warned that fake news, misinformation and harmful online content are increasingly shaping public perceptions, particularly among young people, and stressed the need for stronger legal safeguards, technology tools and wider dissemination of credible information to tackle the problem effectively.

Protecting digital future in post-quantum, AI era

Protecting digital future in post-quantum, AI era

Participants highlighted the importance of building a proactive, synchronised and sustainable national cybersecurity ecosystem through closer cooperation among regulators, technology firms, research institutions and cybersecurity experts.

Vietnam attends SAHA 2026 defence, aerospace exhibition in Türkiye

Vietnam attends SAHA 2026 defence, aerospace exhibition in Türkiye

Vietnam’s participation in SAHA 2026 International Defence & Aerospace Exhibition in Istanbul reflects the country’s consistent policy of enhancing international defence integration and promoting defence industry cooperation towards self-reliance, self-strengthening, modernisation and dual-use development.

SK Group partners to build AI ecosystem in Vietnam

SK Group partners to build AI ecosystem in Vietnam

SK Innovation and SK Telecom signed MoUs with Nghe An province and the National Innovation Centre of Vietnam to advance AI ecosystem development and support the country’s long-term growth strategy.

Vietnam Research Excellence Fellowship for 2026-2030 approved

Vietnam Research Excellence Fellowship for 2026-2030 approved

Under the Vietnam Research Excellence Fellowship (VREF) for the 2026–2030 period, PhD students are identified as a core research force directly contributing to breakthroughs in sci-tech and innovation. Investing in top-tier doctoral candidates is more than workforce development, but a high-stakes strategic bet to forge a cohort of world-class scientists and technologists who can power Vietnam’s long-term economic ambitions.