Data Breaches 2019-2018

The companies listed below have IT services or data warehouses based in Australia, which have all been compromised or suffered from a data breach in 2018-2019 –  you never want to see your business or your business partners on this list.

Contact ICTAA today and ask how we can protect your IT ecosystem, staff and business partners and ensure you never make it onto the naughty list below.

SpecSavers – July 2019

• Server stolen which contained customer data

Symantec – June 2019

• Symantec breach revealed client list, passwords:

Australian Catholic University – June 2019

• Staff details stolen in fresh data breach
• ACU discloses data breach
• Phishers hit ACU, compromised systems
• ACU systems compromised and details stolen after cyber breach
• Attackers use phishing to gain access to ACU staff data

Revenue NSW – June 2019

• Privacy fears for Illawarra drivers as NSW govt data breach referred to ICAC Illawarra drivers may have had their private details leaked to the media as part of a “political smear campaign”
• NSW Labor refers alleged data leak to ICAC

Australian National University – June 2019

• China ‘behind’ huge ANU hack amid fears government employees could be compromised
• ANU breach a risk for security officials as China becomes key suspect
• Almost 20 years of personal data was stolen from ANU. It could show up on the dark web
• 19 years’ worth of personal data stolen from ANU – It could be sold on the dark web

Microsoft – May 2019

• Patch now against wormable ‘BlueKeep’ remote desktop flaw: ACSC – Spectre of another WannaCry-style epidemic raised

Princess Polly – May 2019

• Aussie fashion e-tailer Princess Polly suffers data breach – Card info may have been captured as it was entered into site

Canva – May 2019

• Canva under cyber-attack, with reportedly as many as 139 million users affected
• Aussie Canva Hit By Massive Data Breach: User Details Stolen
• Canva criticised after data breach exposed 139m user details
• “Marketing fluff”: What startups can learn from Canva’s data-breach response

Instagram – May 2019

• Instagram hit by two privacy breaches in a week – The Facebook-owned company fails it users.
• Instagram users’ data exposed to hackers
• Instagram has a MAJOR personal data breach 50 million users have had their personal details shared
• Perth socialite Melissa Graham held to ransom after Instagram privacy breach

CCH software – May 2019

• Wolters Kluwer takes down cloud services after malware infection – Impacts Australian users of CCH software

Binance – May 2019

• Binance hackers shift stolen bitcoin, identity still unclear: researchers – Funds now sitting in several digital wallets

Twitter – May 2019

• Twitter accidentally shares user location data with advertising partner | Through Apple devices

WhatsApp – May 2019

• WhatsApp flaw allowed spyware injection via calls | Pegasus comes calling whether you answer or not
• WhatsApp urges upgrade after ‘serious’ security breach allowed hackers to put spyware on phones
• WhatsApp major security flaw could let hackers access phones
• WhatsApp patches flaw after spyware revelation
• WhatsApp security breach likely a government surveillance attack, company says

WPA3 Dragonfly – April 2019

• New wi-fi security standard broken already | Implementations not done properly

Wipro – April 2019

• Wipro hacked, internal systems used to attack customers: report Months-long intrusion
• Wipro confirms breach, says customers are ‘anxious’
• Connectwise CEO defends security stance after Wipro breach

Speedrun.com – April 2019

• Major Speedrunning Hub Forced To Roll Back Rankings After Security Breach

Australia Post – March 2019

• AusPost’s Bill Scanner caught up in Gmail privacy sweep – Works with Google to ensure API permissions aren’t revoked

ASUS – March 2019

• ASUS users targeted in large supply chain attack – Users infected via software update utility
• ASUS releases fix after ShadowHammer malware attack – But some users unable to update to non-backdoored software

Bank of Queensland – March 2019

• Bank warns of reported third-party data breach – The Bank of Queensland has announced that it has been made aware of a personal data breach by a third party provider

Kathmandu – March 2019

• Credit cards cancelled as Kathmandu reveals online store hacked – month-long breach during peak discount period
• Kathmandu hit by hackers
• Credit cards cancelled as Kathmandu reveals online store hacked
• Kathmandu flags suspected data breach
• Data breaches have possibility to ruin customer relationships

Citrix – March 2019

• Citrix investigates major security breach – resecurity says it believes at least 6TB of data was downloaded
• Citrix hackers stole employee, financial data

Melbourne Hospital – February 2019

• A cyber crime syndicate accessed the medical files of 15,000 patients at Melbourne Heart Group at Melbourne’s Cabrini Hospital
• ‘The crooks are ahead’: Cabrini breach a warning for Australia
• Melbourne heart clinic hit by ransomware attack

CoffeeMeetsBagel – February 2019

• Dating site Coffee MeetsBagel warns Aussie users of data breach on Valentines Day
• ‘Coffee Meets Bagel’ Dating Site Hit by Data Breach

9Honey – February 2019

• Dating app suffers data breach

Toyota Australia – February 2019

• Toyota Australia hit by cyber attack – takes down email and other systems
• Cyber Ransom Attacks On The Rise, Toyota Australia has confirmed it has been subject to an attempted cyber attack
• Millions of customers’ data accessed in second Toyota hack – Tokyo sales subsidiaries raided
• Toyota Australia hit by cyber attack

AMP – February 2019

• Chinese AMP contractor pleads guilty to data breach

LandMark White – February 2019

• Australian bank customers caught in valuation firm data breach | Caused by undisclosed ‘security vulnerability’
• Home loan details of 100,000 customers hacked in major data breach
• LandMark White blames exposed API for data breach – ANZ confirms it has suspended use of the property valuer
• Valuation firm hit by data breach LandMark White pleads for long share suspension
• Embattled LandMark White shares drop 10.6 pc after data breach
• NAB pulls plug on LandMark White as home loan breach scandal grows
• LandMark White blames ill-informed public commentary on its dark web data breach for further ASX share suspension
• Centrelink keeps LandmarkWhite, says data breach hit ‘very small’ client group
• LandMark White counts cost of data breach – LandMark White still unsure of financial impact
• LandmarkWhite knew of IT weakness in 2017, a year before data breach
• Landmark White’s stolen data re-appears on dark web
• Landmark White data disaster claims CEO scalp
• LandmarkWhite faces regulator scrutiny over IT response, disclosure
• LandMark White CEO exits after data breach – two directors step down from board
• CBA assures itself of LandMark White’s post-breach infosec
• LandMark White’s data breach just the beginning for cyber criminals

Department of Parliamentary Services – February 2019

• Security breach strikes parliament’s IT network – all passwords reset
• Political party networks caught up in parliament’s IT breach – but no evidence of electoral interference
• The cyber attack on Parliament was done by a ‘state actor’ 
• Citrix | Australian parliament hackers gain remote access

Bunnings – February 2019

• Bunnings exposed staff performance database – individual staffer did unwanted homework

Facebook – January 2019

• Apple Shuts Down Facebook Data Collecting App – Since 2016, Facebook has been asking users to install a “Facebook Research” VPN that lets the company monitor their phone and online activity, according to Tech Crunch
• Apple punishes Facebook over app that paid users to hand over data
• The Apple-Facebook Feud Hits a Breaking Point
• Facebook stored millions of user passwords in plain text – hundreds of millions of users to be notified
• Facebook says up to 111,813 Aussies in last year’s security breach
• Facebook’s lax security has left millions of users with a lot to worry about
• Facebook staff had access to millions of users’ passwords in plain text, violating security practices

Global Hacking Scare – January 2019

• Global hacking scare nets Queensland MP, Surf Life Saving as millions of passwords breached – websites belonging to Queensland’s Deputy Opposition Leader, a real estate business and Surf Life Saving Australia are among thousands of pages caught up in the latest international data breach

SkoolBag – January 2019

• MOQdigital’s education software platform SkoolBag caught in global data breach

Optus – January 2019

• ‘Mistakenly’ Publishes Private Numbers Online And In White Pages

Collection #1 – January 2019

• Breach Exposes a Record 773 Million Email Addresses – The massive trove of leaked data, which was posted to a hacking forum, also includes 21,222,975 unique passwords.
• Experts comment on record 772mil-user data breach – Cybersecurity expert and founder of website Have I Been Pwned Troy Hunt broke the news recently that the largest ever database of breached login details have been leaked on the dark web.
• Data leak – Collection #1 is the just the beginning
• Cyber watchdog warns on dark web PS data – The Australian Cyber Security Centre (ACSC) has urged organisations and individuals across the Australian Public Service to check if their email addresses and/or passwords are included on recently released lists of stolen data.

Fisheries Queensland – January 2019

• Fisheries Qld blames bad update for password ‘fault – allowed fisherman to get into any account.

First National Real Estate – January 2019

• Job applicant data exposed online CVs and cover letters published
• Real estate industry provider exposes data
• Data breach exposes personal info of jobseekers

Department of Planning and Environment, NSW Major Projects – January 2019

• Fury over privacy ‘breach’. FURIOUS Tweed Valley Hospital site protesters say their privacy has been breached after a State Government body allegedly published their personal details online without permission.

Victorian Government – January 2019

•  Vic Govt employee directory accessed by unauthorised party impacts about 30,000 staff

Marriott Hotel Group / Starwood – January 2019

• Marriott Unsure How Many Hundreds Of Millions Of Guests Got Screwed By Data Breach
• Starwood hack exposed 5.25m unencrypted passport numbers
• Marriott CEO apologises for data breach, vows improvements

Early Warning Network – January 2019

• Emergency text and email service hacked, thousands receive warning messages about their personal data.

Big W – January 2019

• Customer data leaked due to printer repair mishap

Hawthorn Football Club – January 2019

• Hawks warn members of security threat

Nova Entertainment – January 2019

• Nova notifies listeners of data breach – Nova Entertainment has admitted that listeners’ data from the period of May 2009 to October 2011 has been “publicly disclosed”.
• Nova admits to huge data breach
• Nova Admits Listener Info Has Been Leaked

My Health Records – January 2019

• Critics want My Health Record delayed again after recording 42 data breaches this year.
• My Health Record system data reaches rise
• As My Health Record opt-out ends, security concerns continue

Victorian Public Servants – January 2019

• Victorian Public Servants hit by massive data theft – The work details of 30,000 of Victorian public servants were stolen from a government directory in a data breach just days before Christmas.

Commonwealth Bank – December 2018

• Commonwealth Bank customers’ medical data exposed in potential privacy breach – The Commonwealth Bank is urgently investigating a potential data breach that may have given its staff access to customers’ sensitive medical information.

Humble Bundle – December 2018

•  Humble Bundle Falls Victim To ‘Very Limited’ Data Breach [Updated] 

News Corp – December 2018

• News Corp’s email bungle a harsh lesson in data privacy

Marriott’s Hotels – December 2018

• Massive data breach at Marriott’s hotels exposes private data of 500,000 guests – A massive data breach has exposed the private data, including passport and credit card numbers, of half a million guests of the international hotel chain.
• Credit card info and passport details of 500 million Marriott guests stolen in mammoth data breach

Dell – November 2018

• Dell resets dell.com passwords after finding likely data breach – Computer manufacturer Dell has reset all passwords for accounts on its dell.com site, after it became aware on 9 November that an attempt to exfiltrate data was taking place.

Victoria’s Emergency Services – November 2018

• ‘Appalling’ emergency services data breach to be investigated – The state government will launch an immediate investigation into an “appalling”  data breach that saw personal details of emergency services staff posted to the web.

Amazon – November 2018

• Amazon suffers data breach, but says little about it –Amazon delivered a nasty surprise on one of its busiest days of the year today after discovering it had “inadvertently” leaked customers’ personal information.
• Amazon suffers customer data breach hours before Black Friday
• Amazon is getting slammed for a confusing email telling some customers they don’t need to change their password after a data leak
• Amazon Is Offering Gift Cards To Customers Who Complain About Its Data Breach

PageUp People – November 2018 Update

• No evidence’ data stolen in compromise

Federal Group Hotel – November 2018

• Contact databases hit by ‘low risk’ data breach – A Tasmanian luxury hotel and casino group has told some guests their personal information may have been accessed by a third party after a “low risk” data breach saw contact databases affected.
• Data breach hits luxury hotels in Tasmania, with guest details at risk of theft by ‘third party’.

Under Armour’s MyFitnessPal App – November 2018

• Under Armour says 4 million Aussie accounts in data breach – 150 million impacted worldwide

Austal – October 2018

• Extortionists target Aussie defence shipbuilder after cyber security breach
  Australia’s biggest defence exporter has been targeted by extortionists who launched a successful cyber attack to breach the company’s data management systems.
• Shipbuilder’s information accessed and offered for sale.

Facebook – September 2018

• Security breach affects 50 million users – company logs off 90 million accounts as a precaution.
• Everything we know about Facebook’s data breach
• Forbes coverage of Facebooks massive data breach
• Facebook trims data breach to 29m users
• Facebook says it will message users affected following the theft of data from 29 million accounts to tell them what type of information has been accessed.

Perth Mint – September 2018

• Perth Mint revises data breach impact – thousands of customers now affected.

RCR Tomlinson Engineering – August 2018

• RCR Tomlinson sat on staff data breach for three months.

Strathmore Secondary College – August 2018

• Probe into Melb high school privacy breach – The education department is investigating a privacy breach resulting in the accidental publication of Melbourne high school students’ personal records.

Airport Security Identity Cards (ASICs) – July 2018

• Airport security card company reveals data hack as AFP investigates.

MY Health Record – July 2018

• Could be our worst government data breach yet.
• My Health record data breach.
• Privacy Commissioner poised to release delayed data breach report but My Health Record adopts a different definition

Townsville City Council [Typeform] –  July 2018

• Online system used by Townsville City Council hacked exposing public’s personal details.  HACKERS may have obtained the personal details who entered an art competition run by Townsville City Council. The council confirmed it had been notified about a security breach on Typeform, a company it uses.

Timehop App – July 2018

• Social media memories app Timehop got hit by a data breach affecting 21 million users.
• Security Brief’s article on the Timehop hack
• PC Authority’s coverage on the Timehop data breach

Cairns council hit by data breach [Typeform] | July 2018

• Cairns Regional Council has confirmed two of its online surveys were impacted by data security breaches
• Cairns Council Apologies After Hackers Breach Forms

PEXA – National e-conveyancing platform – July 2018

• PEXA account compromise sees family lose home sale funds – Security team scanning logs for same pattern.

Australian National University – July 2018

• ANU network ‘significantly compromised’ by hackers – University has spent ‘months’ containing threat
  
• Chinese Hackers Breach ANU

Airtasker – July 2018

• Airtasker caught up in Typeform data breach – Jobs marketplace Airtasker has revealed a “small amount” of data it collected through web forms may have been compromised in the Typeform breach

Bakers Delight – July 2018

• Bakers Delight warns comp entrants after Typeform breach – latest Australian company to notify customers of potential exposure to the Typeform data breach.

Tasmanian Electoral Commission – July 2018

• Tasmanian voters caught in data breach – Express vote applicants impacted

Ticketmaster – June 2018

• Ticketmaster Australia admits customer details may have been stolen in hack.
• Musicfeeds Article
• Sydney Morning Herald Article

HealthEngine – June 2018

• HealthEngine reveals data breach – Patient feedback information ‘may’ have been accessed

Flightradar24 – June 2018

• Flightradar24 suffers security breach – Attackers hit single server – Popular flight tracking site Flightradar24 has suffered a security breach that “may” have compromised the email addresses and hashed passwords

PageUp People – June 2018

• PageUp People all but confirms personal data ‘accessed’ – Widely-used Australian cloud HR vendor

MyHeritage – June 2018

• MyHeritage breach leaks 92 million users’ details – A security breach at family networking and genealogy website leaked email addresses and hashed passwords of users

Family Planning NSW – May 2018

• Family Planning NSW hit by ransomware attack – may have compromised online databases.

Svitzer Australia – March 2018

• First data breach publicised under Australian notice scheme – Svizter reveals email leak

GoGet – January 2018

• GoGet reveals data breach as police arrest alleged hacker – Car Sharing Service – Customer data accessed