EXCLUSIVE
Major Australian electricity, gas, and internet provider Origin Energy has confirmed a data breach involving payment details of more than 700 customers which were allegedly stolen by an employee, who attempted to email the data to their personal email address when they were terminated by the company.
Origin confirmed to Information Age that the employee had attempted to send an encrypted file containing 732 customers’ credit and debit card details to themself on 30 July 2025.
“We have discovered that a former employee acted in serious breach of our policies, procedures and the standards we require from our employees when handling customer data,” an Origin spokesperson said in a statement.
The company said it was now “contacting potentially impacted individuals to apologise and provide support”, as it could not guarantee the data was safe despite the alleged offender having signed a statutory declaration in which they claimed they had deleted the file.
Some Origin customers received an email from the firm on Wednesday which confirmed details of their credit and debit cards had been copied by an employee between 12 October 2023 and 30 July 2025.
“When their employment was terminated, this person tried to send that information outside of Origin,” the company said in the email.
Origin told Information Age the incident had been reported to the Office of the Australian Information Commissioner (OAIC) and was in the process of being reported to relevant law enforcement and Australia’s cyber watchdog the Australian Signals Directorate (ASD).
The former employee has not been charged with any crime, Origin said.
The company also confirmed it had not received any demand for a ransom payment related to the stolen data.
“We are conducting our own investigation into the matter to see if there are any changes we can implement to ensure this isolated incident does not happen again,” the spokesperson said.
Origin ‘can’t definitely rule out’ stolen data is safe
Origin told affected customers that while the stolen data had been encrypted and an internal investigation had “found no evidence that this file was accessed or further shared outside of Origin”, it could not guarantee the payment details were safe.
“We can’t definitely rule out the possibility of the file being accessible outside of Origin," it said.
The company apologised to potentially affected customers, and said, “We’re taking this matter very seriously and want to be fully transparent.”
Origin also urged those customers to take “precautionary measures” such as monitoring their accounts and considering replacing their cards, but maintained it had no evidence that card details had been misused.
Those customers were also offered a year of complimentary credit monitoring.
Origin Energy says it is conducting its own investigation into the incident. Image: Shutterstock
Origin Energy holds around 4.7 million customer accounts and employs more than 5,000 employees, according to its 2025 annual report.
The company’s employees have been subject to “a regular program of random testing” after completing compulsory cyber awareness training “including how to identify phishing emails and keep data safe", according to that report.
Origin also said it conducted “training for insider trading, privacy and competition and consumer law every year”.
“A robust security monitoring and incident response process exists and is exercised on a regular basis,” the report stated.
“In the event of an incident, Origin is supported by an external incident response and forensics firm.
“Origin undertakes regular independent security assurance to assess the resilience of our digital channels and internal security controls."
Workers sabotaging employers
The Origin breach appeared to be another example of an employee attempting to harm their employer upon being removed from the company.
A software developer who was found guilty in March of inserting a “kill switch” which caused damage when he was fired by US power management company Eaton Corp, was sentenced to four years in prison in August.
A fired IT worker was also given a prison term by a Singapore court in June 2024 after remotely deleting around 180 of his former employer’s virtual servers.
Around a quarter of Australians were found to have had their personal information exposed in a data breach in 2024, according to a survey by the Australian Institute of Criminology.
Consumers have recently experienced other data breaches involving the likes of telecommunications providers Dodo and iiNet, national airline Qantas, Western Sydney University, and fashion retailer Sabo.
