Data Breach Notices

Symantec – June 2019

• • Symantec breach revealed client list, passwords: report

Australian Catholic University – June 2019

• • Staff details stolen in fresh data breach
  • ACU discloses data breach
  • Phishers hit ACU, compromised systems
  • ACU systems compromised and details stolen after cyber breach
  • Attackers use phishing to gain access to ACU staff data

Revenue NSW – June 2019

• • Privacy fears for Illawarra drivers as NSW govt data breach referred to ICAC Illawarra drivers may have had their private details leaked to the media as part of a “political smear campaign”
  • NSW Labor refers alleged data leak to ICAC

Australian National University – June 2019

• • China ‘behind’ huge ANU hack amid fears government employees could be compromised
  • ANU breach a risk for security officials as China becomes key suspect
  • Almost 20 years of personal data was stolen from ANU. It could show up on the dark web
  • 19 years’ worth of personal data stolen from ANU – It could be sold on the dark web

Microsoft – May 2019

• • Patch now against wormable ‘BlueKeep’ remote desktop flaw: ACSC – Spectre of another WannaCry-style epidemic raised

Princess Polly – May 2019

• • Aussie fashion e-tailer Princess Polly suffers data breach – Card info may have been captured as it was entered into site

Canva – May 2019

• • Canva under cyber-attack, with reportedly as many as 139 million users affected
  • Aussie Canva Hit By Massive Data Breach: User Details Stolen
  • Canva criticised after data breach exposed 139m user details
  • “Marketing fluff”: What startups can learn from Canva’s data-breach response

Instagram – May 2019

• • Instagram hit by two privacy breaches in a week – The Facebook-owned company fails it users.
  • Instagram users’ data exposed to hackers
  • Instagram has a MAJOR personal data breach 50 million users have had their personal details shared
  • Perth socialite Melissa Graham held to ransom after Instagram privacy breach

CCH software – May 2019

• • Wolters Kluwer takes down cloud services after malware infection – Impacts Australian users of CCH software

Binance – May 2019

• • Binance hackers shift stolen bitcoin, identity still unclear: researchers – Funds now sitting in several digital wallets

Twitter – May 2019

• • Twitter accidentally shares user location data with advertising partner | Through Apple devices

WhatsApp – May 2019

• • WhatsApp flaw allowed spyware injection via calls | Pegasus comes calling whether you answer or not
  • WhatsApp urges upgrade after ‘serious’ security breach allowed hackers to put spyware on phones
  • WhatsApp major security flaw could let hackers access phones
  • WhatsApp patches flaw after spyware revelation
  • WhatsApp security breach likely a government surveillance attack, company says

WPA3 Dragonfly – April 2019

• • New wi-fi security standard broken already | Implementations not done properly

Wipro – April 2019

• • Wipro hacked, internal systems used to attack customers: report Months-long intrusion
  • Wipro confirms breach, says customers are ‘anxious’
  • Connectwise CEO defends security stance after Wipro breach

Speedrun.com – April 2019

• • Major Speedrunning Hub Forced To Roll Back Rankings After Security Breach

Australia Post – March 2019

• • AusPost’s Bill Scanner caught up in Gmail privacy sweep – Works with Google to ensure API permissions aren’t revoked

ASUS – March 2019

• • ASUS users targeted in large supply chain attack – Users infected via software update utility
  • ASUS releases fix after ShadowHammer malware attack – But some users unable to update to non-backdoored software

Bank of Queensland – March 2019

• • Bank warns of reported third-party data breach – The Bank of Queensland has announced that it has been made aware of a personal data breach by a third party provider

Kathmandu – March 2019

• • Credit cards cancelled as Kathmandu reveals online store hacked – month-long breach during peak discount period
  • Kathmandu hit by hackers
  • Credit cards cancelled as Kathmandu reveals online store hacked
  • Kathmandu flags suspected data breach
  • Data breaches have possibility to ruin customer relationships

Citrix – March 2019

• • Citrix investigates major security breach – resecurity says it believes at least 6TB of data was downloaded
  • Citrix hackers stole employee, financial data

Melbourne Hospital – February 2019

• • A cyber crime syndicate accessed the medical files of 15,000 patients at Melbourne Heart Group at Melbourne’s Cabrini Hospital
  • ‘The crooks are ahead’: Cabrini breach a warning for Australia
  • Melbourne heart clinic hit by ransomware attack

CoffeeMeetsBagel – February 2019

• • Dating site Coffee MeetsBagel warns Aussie users of data breach on Valentines Day
  • ‘Coffee Meets Bagel’ Dating Site Hit by Data Breach

9Honey – February 2019

• • Dating app suffers data breach

Toyota Australia – February 2019

• • Toyota Australia hit by cyber attack – takes down email and other systems
  • Cyber Ransom Attacks On The Rise, Toyota Australia has confirmed it has been subject to an attempted cyber attack
  • Millions of customers’ data accessed in second Toyota hack – Tokyo sales subsidiaries raided
  • Toyota Australia hit by cyber attack

AMP – February 2019

• • Chinese AMP contractor pleads guilty to data breach

LandMark White – February 2019

• • Australian bank customers caught in valuation firm data breach | Caused by undisclosed ‘security vulnerability’
  • Home loan details of 100,000 customers hacked in major data breach
  • LandMark White blames exposed API for data breach – ANZ confirms it has suspended use of the property valuer
  • Valuation firm hit by data breach LandMark White pleads for long share suspension
  • Embattled LandMark White shares drop 10.6 pc after data breach
  • NAB pulls plug on LandMark White as home loan breach scandal grows
  • LandMark White blames ill-informed public commentary on its dark web data breach for further ASX share suspension
  • Centrelink keeps LandmarkWhite, says data breach hit ‘very small’ client group
  • LandMark White counts cost of data breach – LandMark White still unsure of financial impact
  • LandmarkWhite knew of IT weakness in 2017, a year before data breach
  • Landmark White’s stolen data re-appears on dark web
  • Landmark White data disaster claims CEO scalp
  • LandmarkWhite faces regulator scrutiny over IT response, disclosure
  • LandMark White CEO exits after data breach – two directors step down from board
  • CBA assures itself of LandMark White’s post-breach infosec
  • LandMark White’s data breach just the beginning for cyber criminals

Department of Parliamentary Services – February 2019

• • Security breach strikes parliament’s IT network – all passwords reset
  • Political party networks caught up in parliament’s IT breach – but no evidence of electoral interference
  • The cyber attack on Parliament was done by a ‘state actor’ 
  • Citrix | Australian parliament hackers gain remote access

Bunnings – February 2019

• • Bunnings exposed staff performance database – individual staffer did unwanted homework

Facebook – January 2019

• • Apple Shuts Down Facebook Data Collecting App – Since 2016, Facebook has been asking users to install a “Facebook Research” VPN that lets the company monitor their phone and online activity, according to Tech Crunch
  • Apple punishes Facebook over app that paid users to hand over data
  • The Apple-Facebook Feud Hits a Breaking Point
  • Facebook stored millions of user passwords in plain text – hundreds of millions of users to be notified
  • Facebook says up to 111,813 Aussies in last year’s security breach
  • Facebook’s lax security has left millions of users with a lot to worry about
  • Facebook staff had access to millions of users’ passwords in plain text, violating security practices

Global Hacking Scare – January 2019

• • Global hacking scare nets Queensland MP, Surf Life Saving as millions of passwords breached – websites belonging to Queensland’s Deputy Opposition Leader, a real estate business and Surf Life Saving Australia are among thousands of pages caught up in the latest international data breach

SkoolBag – January 2019

• • MOQdigital’s education software platform SkoolBag caught in global data breach

Optus – January 2019

• • ‘Mistakenly’ Publishes Private Numbers Online And In White Pages

Collection #1 – January 2019

• • Breach Exposes a Record 773 Million Email Addresses – The massive trove of leaked data, which was posted to a hacking forum, also includes 21,222,975 unique passwords.
  • Experts comment on record 772mil-user data breach – Cybersecurity expert and founder of website Have I Been Pwned Troy Hunt broke the news recently that the largest ever database of breached login details have been leaked on the dark web.
  • Data leak – Collection #1 is the just the beginning
  • Cyber watchdog warns on dark web PS data – The Australian Cyber Security Centre (ACSC) has urged organisations and individuals across the Australian Public Service to check if their email addresses and/or passwords are included on recently released lists of stolen data.

Fisheries Queensland – January 2019

• • Fisheries Qld blames bad update for password ‘fault – allowed fisherman to get into any account.

First National Real Estate – January 2019

• • Job applicant data exposed online CVs and cover letters published
  • Real estate industry provider exposes data
  • Data breach exposes personal info of jobseekers

Department of Planning and Environment, NSW Major Projects – January 2019

• • Fury over privacy ‘breach’. FURIOUS Tweed Valley Hospital site protesters say their privacy has been breached after a State Government body allegedly published their personal details online without permission.

Victorian Government – January 2019

• •  Vic Govt employee directory accessed by unauthorised party impacts about 30,000 staff

Marriott Hotel Group / Starwood – January 2019

• • Marriott Unsure How Many Hundreds Of Millions Of Guests Got Screwed By Data Breach
  • Starwood hack exposed 5.25m unencrypted passport numbers
  • Marriott CEO apologises for data breach, vows improvements

Early Warning Network – January 2019

• • Emergency text and email service hacked, thousands receive warning messages about their personal data.

Big W – January 2019

• • Customer data leaked due to printer repair mishap

Hawthorn Football Club – January 2019

• • Hawks warn members of security threat

Nova Entertainment – January 2019

• • Nova notifies listeners of data breach – Nova Entertainment has admitted that listeners’ data from the period of May 2009 to October 2011 has been “publicly disclosed”.
  • Nova admits to huge data breach
  • Nova Admits Listener Info Has Been Leaked

My Health Records – January 2019

• • Critics want My Health Record delayed again after recording 42 data breaches this year.
  • My Health Record system data reaches rise
  • As My Health Record opt-out ends, security concerns continue

Victorian Public Servants – January 2019

• • Victorian Public Servants hit by massive data theft – The work details of 30,000 of Victorian public servants were stolen from a government directory in a data breach just days before Christmas.