Data Breaches Australia’s Had This Year

Month by month summary:

JANUARY

Norton LifeLock: Cybersecurity company Norton LifeLock has experienced a data breach through its password manager feature, leaving around 6,450 customers vulnerable to cyber threats. The breach occurred when a third-party company inadvertently exposed unencrypted user data on public-facing servers. While the exact number of affected users is still unclear, Norton LifeLock stated that the incident did not compromise any sensitive information such as social security numbers or financial data. 

PayPal: The rise of social phishing techniques has led to nearly 35,000 PayPal account hacks. These hacks were carried out by automated bots that are designed to mimic human behavior and bypass security measures. By using devices that were not authorised by the original account holder, these bots can make unauthorised transactions and drain the victim’s account. 

Click Here to see more and what the TCD team found investigating the topic.

Queensland University of Technology (QUT): The Queensland University of Technology (QUT) publicly informed staff and students of a cyber attack that took place, forcing the school to shut down its services until the 3rd of Jan and pushing back courses and exams to early Feb affecting 52,672 Students. A ransomware gang called “Royal” has claimed responsibility for the recent data breach and posted 10% of the data onto a leak site, showing emails, HR files, and administrative and financial documents. 2,500 current and former staff members and 67 students were compromised in the cyber-attack.

Mount Lilydale Mercy College: Mount Lilydale Mercy College, a Catholic school in Victoria, had its data breached by cybercriminals, who obtained the credit card details of 400 people whose children attend the school. The college has assured parents and students that steps are being taken to mitigate the effects of the breach and protect affected individuals. The Australian Cyber Security Centre has advised people to be vigilant and take measures to protect their personal information.

GoTo: GoTo, a leading provider of remote collaboration software, suffered a data breach in which encrypted backups were accessed by cybercriminals. Five of GoTo product lines (Central, Pro, join.me, Hamachi, and RemotelyAnywhere) were breached and taken by a threat actor through the company’s third-party cloud storage service. The encrypted backups are said to contain account customer details, salted and hashed passwords, and customer MFA settings.

FEBRUARY

JD Sports: JD Sports, the UK's leading sports fashion and outdoor brand, suffered a major cyber attack, resulting in 10 million customer personal data leaked online. Information leaked online includes customer names, order details, billing and delivery addresses, emails, phone numbers, and the last four digits of payment cards used on JD Sports products. The company assured its customers that no financial data or passwords were accessed during the attack.

Guardian Australia: Guardian Australia has been targeted in a cyber-attack that ended in 140 current and former staff details compromised. The data stolen contained tax file numbers, bank account details superannuation details, salaries, and addresses, however, the data was not exposed online. The outlet has also urged anyone affected to change their passwords immediately and to monitor their accounts for suspicious activity as the Guardian Australia continues its investigation.

The Good Guys: On the 27th of Feb, The Good Guys contacted 1.85 million past and present customers as their data have been made publicly available by an unknown hacker confirmed to have been stolen way back in August 2021. The data in question came from a company called “Pegasus Group Australia” now commonly known as “My Rewards” (where the data breach took place). Due to the incident, The Good Guys were forced to cut ties with the “My Rewards” company.

MARCH

CBA: The Commonwealth Bank (CBA) has been targeted by a cyberattack only affecting accounts based in Indonesia, impacting its platform used by institutional investors to trade in government bonds. The CBA has assured its affected customers that their accounts or personal data have not been affected by the attack. However, the incident highlights the increasing risk of cyberattacks for financial institutions.

NSW Health: NSW Health suffered a data breach that compromised the bank details of employees using Frontier Software’s HealthRoster, a payroll software used by NSW Health. The breach has affected employees whose payroll was processed between 2001 and 2015. 

Latitude: Australia’s Latitude Financial came out publicly about a critical hack that occurred. 8 million customers of Latitude, past and present, have had their information compromised. The data stolen contained driver's licenses, passports, PII, and even photo identification. 

Click Here to see more and what the TCD team found investigating the topic.

QIMR Berghofer: The QIMR Berghofer Medical Research Institute in Brisbane, Australia, has issued an apology after a data breach incident exposed 1128 patients' sensitive information from a skin cancer study. The data exposed included patient names, addresses, and Medicare numbers. The institute has immediately taken steps to secure the leaked data, including notifying the affected patients and implementing additional security measures to prevent such incidents from recurring, QIMR has expressed regret for the breach.

Rio Tinto: Rio Tinto has notified its employees that their payroll information may have been compromised due to a cyber attack against its GoAnywhere file transfer system; the stolen data contains payslips and overpayment letters. Rio Tinto has stated that a cybercriminal has threatened to release the stolen private information onto the dark web.

iD Tech: A Hacker obtained information of thousands and thousands of user information from kids’ tech coding camp iD Tech. The hacker has claimed to have stolen close to 1 million user records which contain dates of birth, passwords, and 415,000 unique email addresses.

Canberra Health Services: One staff member of Canberra Hospital has been sacked and another two staff members stood down after a data breach resulted in 13 mental-health patient records being sent deliberately to an industrial partner and accessed without authorisation. ACT Health Minister Rachel Stephen-Smith has stated that the hospital has made changes to its security protocols, including improving password protections and conducting increased staff training on data privacy and security. 

Crown Resorts: Crown Resorts, one of Australia's largest casino groups, is facing a ransomware extortion threat from a group of hackers. The hackers have claimed to have obtained private files by breaching Crown’s third-party file transfer service, GoAnywhere.

Meriton: The Australian property giant ‘Meriton’ suffered a data breach that put 1,889 Aussie individuals in danger, with hackers gaining access to its computer systems and stealing confidential guest information. The stolen data includes bank details, tax file numbers, and employment information such as performance appraisals and disciplinary history.

Tasmanian Government: A cyber attack on the Tasmanian government has resulted in the compromise of over 16,000 documents from the Department of Education, Children, and Young People, the stolen data contained the PII of children and even what school and year the children attend. 

Click Here to see more and what the TCD team found investigating the topic.

APRIL

TAFE: SA Police have uncovered a data breach at TAFE SA (South Australia's Vocational Education and Training provider), potentially affecting the personal information of 2224 students. The breach was identified during a seize when devices were discovered containing scanned copies of TAFE SA student identification forms. The compromised data includes names, addresses, birthdates, email addresses, and qualifications of both current and former students. However, 87% of the credentials found on the devices have expired. 

MSI: MSI, a Taiwanese hardware manufacturer, has confirmed experiencing a cyber-attack of “no significant” financial impact. The details of the attack have not been disclosed, but a new ransomware group called Money Message has named MSI as their latest victim.

Service NSW: At a certain time, the whole of Service NSW affected 3700, leaking their private information on the web. Data exposed included names, driver's licenses, and even the individual's demerit points. 

Click Here to see more and what the TCD team found investigating the topic.

Coles: Coles has confirmed that customer data held by its credit card partner, Latitude Financial Services, was breached by threat actors, and in consequence, so has Coles. 14 million customers of Coles had their PII stolen in the Latitude hack. Investigations show that data stolen included names, addresses, dates of birth, and driver's licenses; PII records that date back as far as 2005

Spruson and Ferguson: IPH Limited, an intellectual property company, has revealed that a recent data breach originated from the systems of its subsidiary, Spruson and Ferguson. IPH has stated they have detected unauthorised access to its document management system. It is estimated that the incident will incur $2 million to $2.5 million (pre-tax) as non-underlying costs to their accounts related to the data breach.

Afterpay: Former shareholders of Afterpay, an Australian buy-now-pay-later company that was recently acquired by an American firm called Block (formerly known as Square), are suing Block’s co-founders Jack Dorsey and Jim McKelvey due to a cyber breach that was kept hidden. In 2021 under the care of Block, before the transaction was finalised between former owners of Afterpay, it was discovered a former Block employee downloaded 8.2 million Cash App users' account information. The stolen data contains account numbers, portfolio values, holdings, and user trading activity.

Optus: In 2022, Optus suffered a massive cyber-attack, resulting in the personal information of millions of customers being compromised. The company is now facing a class-action lawsuit from victims, including vulnerable individuals who relied on Optus for essential services. The data breach exposed the need for stronger cybersecurity measures and the importance of protecting sensitive information. 

Click Here to see more about the cyber-attack on Optus and what the TCD team found investigating the topic.

Amnesty International Australia: Amnesty International Australia, a leading global human rights organisation, detected “anomalous activity” in its IT environment. Although the data within the IT environment appears intact, AmnestyInternational has stated to rule the incident a data breach.

NAB Business & Consumer Insights: A survey conducted by National Australia Bank (NAB) showed that customers have experienced a cyber-attack or scam in the past year. The survey concluded that on average, Australians have lost $569 to cyber criminal activity, while ‘Small and Mid-size enterprises’ (SMEs) lost on average $19,400.

MAY

HWL Ebsworth: Australian law firm HWL Ebsworth has been targeted by Russian-linked hackers known as ‘BlackCat’ (also known as ‘AlphV’) who have stolen and posted confidential data online, including high-profile figures with a statement saying “ENJOY!!!”. The hackers are claiming to still have 2.55 TB of unpublished data.

Medibank: Last year in October, 9.7 million Medibank customers were compromised in a data breach conducted by REvil. In May, it was discovered that Medibank will be paying $300 million and more due to class-action lawsuits taking place. 

Check out our related articles for more information below:

Ambulance Victoria: Ambulance Victoria discovered a data breach that involved private drug and alcohol tests of paramedics posted online for all staff to see. The videos found that the exposed data was captured between May 2017 and October 2018. The videos were removed from the net after the discovery was made.

Toyota: Toyota has confirmed a decade-long data breach that has exposed the personal information of its customers in Japan. The breach was discovered to have started in November 2013, affecting 2.15 million customers based in Japan. A spokesperson from Toyota Australia has assured their Australian customers that the breach is “.... not linked to any services we offer in Australia and therefore no Australian customer or vehicle data has been compromised.”

NT Government: The Northern Territory government has been accused of breaching thousands of patient records during a transfer. During a system upgrade for the NT government, they sent over 50,616 patient records to a software vendor. Cyber security experts have stated the action of the NT government has resulted in a high risk of those records getting hacked.

SuperVPN: A data breach occurred on a free VPN service called SuperVPN, with over 360 million user records being exposed. The 133 GB of data stolen contained email addresses, original IP addresses, Unique App User ID numbers, users operating system, and more.

Fire Rescue Victoria: On the 6th of Jan, the FRV (Fire Rescue Victoria) reported to the Office of the Australian Information Commissioner a cyber attack that dates back to the 15th of Dec last year. Data stolen included budget documents, names, addresses, employment history, religious and political views, and even the criminal history of FRV employees. 85 fire stations were affected by the threat actor who uploaded a sample of the data onto the dark web. Fire Rescue Victoria (FRV) has officially confirmed that it was the victim of a recent data breach where hackers obtained access to sensitive personal information of some of its staff members. FRV has said that its system has not been hacked, and the breach was not extensive. However, the stolen information includes details, such as names, addresses, and medical records. The incident has raised concerns for FRV regarding the vulnerability of critical infrastructure to cyber-attacks and the need for stronger cybersecurity measures to safeguard personal and sensitive information.

JUNE

ACT Government: The ACT Government has been hit by a cyber security breach resulting in Federal authorities investigating the incident. Not much is known about the breach that occurred or the intentions of the threat actor’s activities. The breach was detected in an email gateway that supports some IT systems of the ACT government.

Port Arthur Library: During a data transfer to ‘Libraries Tasmania,’ Port Arthur Library released historic staff records from their own Port Arthur historic site by accident causing a “human error” data breach. 560 records were exposed online before being removed.

PwC: PwC suffered a global data breach which resulted in ASX closing up on Woolworths and CSL gains, Woolworths rising by 2.4% to $39.54 and CSL rising by 2.4% to $284.44.

SmartPay: Smartpay, a New Zealand-based payment solutions provider, is investigating a data breach after a former employee allegedly gained unauthorised access to customer data. The data breach was first discovered by New Zealand's government cybersecurity agency, CERT NZ, which prompted Smartpay to take immediate action.

Australian Defence Force: Russian cyber hackers have reportedly compromised top-secret defensive data in a historic breach, according to Australian defense sources. It is believed that the perpetrators gained unauthorised access to over 2.5 million documents about the Defence Force.

LG Energy Solution Australia & Solar Service Guys: LG Solar has announced that it is investigating allegations that data has been breached. Solar Service Guys (SSG), a partner of LG Energy Solutions, have claimed that company data, including financial information, was handled by an unauthorised third party. LG Solar has stated that it takes data security seriously and has not been subjected to a data breach.

Perpetual: Perpetual has suffered a security incident with thousands of client information being compromised, according to a statement released by the company. The company has taken immediate action to address the issue and is now working with cybersecurity experts to investigate the incident. 

JULY

Parks Victoria: Parks Victoria's online booking system crashed leaving concerns that a data breach may have occurred during this time. However, shadow minister for environment and climate change, James Newbury, has assured no data breach occurred during the website crash.

SA Liberal Party: A major data breach among SA Liberal Party members occurred with theories that a European ransom gang was involved. Investigations are still continuing regarding the incident. 

Department of Home Affairs: A cyber survey conducted by the Home Affairs department has accidentally exposed the personal data of 50 “small businesses” out of the 2000 businesses surveyed. Home Affairs promptly removed the exposed data as soon as the discovery was made.

Your Security is our Priority

Your friendly Support Team

Speak to us about all your computer needs

This is Part of our Cyber Security awareness educational campaign. Through this training, you will learn awareness and key principles, and best practices to protect yourself, your organisation, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.