2019 - Data Breach Notifications in Australia

Plenty of Fish (PoF) – December 2019

• Plenty of Fish leaks private user information – Users have private information freely displayed on their dating profiles

Primus Realty – December 2019

• Credit card and other details of Perth rental applicants may have been public for 21 months

Amazon Ring – December 2019

• Amazon Ring cameras keep getting hacked. Here’s how to protect your Ring against hackers

Vistaprint – December 2019

• 800 Australians in Vistaprint data breach – Web-to-print giant Vistaprint has discovered around 800 of its Australian customers were on the online data breach first revealed in an Australia-exclusive by Print21 last week, and at the time thought to not include any local customers.

Monash IVF Group – December 2019

• Fears over patient data breach after cyberattack on Monash IVF – One of Australia’s largest IVF providers has warned patients that it could not rule out the possibility their personal information may have been breached following a widespread cyberattack on staff emails last month.

ANU – November 2019

• ANU students forced to re-sit exam after data leak

Nord VPN Breach – November 2019

• What’s the truth about the NordVPN breach? Here’s what we now know. Exactly what happened is a complex story…

AIS, Sport Australia – November 2019

• AIS, Sport Australia investigate potential data breach – The AIS and Sport Australia are investigating a potential breach of an agency email account after it was hacked last week.

ZoneAlarm – November 2019

• Personal details of 4,500 forum subscribers were obtained by hackers

Monash IVF Group – November 2019

• Monash IVF patients receive bogus emails after ‘malicious cyber attack’ on fertility company

NSW Labor Headquarters – November 2019

• NSW Labor Headquarters Reported For possible Data Breach – The NSW Labor party could be dragged into the troubles of an embattled Sydney mayor after he was accused of breaching data privacy laws and misusing the electoral roll.

Adobe – October 2019

• 7.5 Million Adobe Accounts Exposed By Security Blunder

GET – October 2019

• Tech start-up apologises to students after potential data breach

Google – October 2019

• ACCC Go After Google Claiming Data Breach

Optus – October 2019

• Thousands of Optus mobile numbers mistakenly published in White Pages

Sydney IT Contractor – October 2019

• Sydney IT contractorcould face jail over data breaches affecting 270,000 people
• ‘Trusted inside access’ – Sydney IT contractor arrested over Landmark White data breach
• Contractor charged over Sydney data breach

Victorian Hospitals – October 2019

• Surgeries delayed and patient security fears after cyber attack on Victorian hospitals
• Multiple Victorian hospitals hacked in suspected ransomware attack

Zynga – October 2019

• Social games company Zynga reveals data breach – Zynga has disclosed a data breach that may have compromised millions of account login details for its popular Words With Friends and Draw Something games.
• Words With Friends Data Allegedly Stolen In Breach That Could Affect 218 Million Users

DoorDash – September 2019

• UberEats competitor DoorDash suffers data breach, exposing details of five million customers
• DoorDash security breach affects nearly 5 million users

Get – September 2019

• ‘Alarming’ Data Breach Exposes 50,000 Students In Ticketing Website Bungle
• Get data breach leaves 50,000 students vulnerable
• Data breach suffered by online service used by SASS, SciSoc, St John’s College

TGI Fridays – September 2019

• TGI Fridays admits to exposing customer data, as Aussie breaches spike
• TGI Fridays Australia data breach highlights concern

Web.com – August 2019

• Web.com, Register.com and Network Solutions all suffered a data breach in August

Imperva – August 2019

• Imperva discloses data breach affecting some firewall users

PAY ID – August 2019

• Personal banking information at risk following fresh data breach
• Banks told to tighten security after payments data breach
• PayID in new breach affecting customers at big four banks
• Aussie banks warn customers after fresh PayID data breach
• PayID breach sees customers’ banking information hacked – Tens of thousands of customers’ personal banking details are at risk after scammers broke into a new payment database.

BUPA – Sonic HealthPlus (SHP) – August 2019

• Sensitive personal data of hundreds of visa applicants accidentally leaked in email mishap – The personal health information of 317 people applying for Australian visas was accidentally emailed to a member of the general public, an ABC investigation has revealed.

Myki – August 2019

• Watchdog slams Public Transport Victoria for Myki data breach
• Botched myki data release breached privacy laws
• ‘Shocking’ myki privacy breach for millions of users in data release
• Myki data leak put privacy at risk: report

TAFE NSW – August 2019

• Exclusive: TAFE NSW staff details stolen after computer systems allegedly hacked

Cloud Union – New Zealand – August 2019

• Ecommerce service exposed passports, ID details of users – S3 bucket included details of individuals included in the Dow Jones Watchlist

Air New Zealand – August 2019

• Air New Zealand staffer falls for phishing attack – Customer info stolen two weeks after airline praised for data privacy.

Neoclinical – August 2019

• Thousands of medical histories exposed in data breach

Sephora – July 2019

• Sephora in damage control after Aussies’ data leaked
• Sephora: “some customers may have been exposed”

AAMC Loss Assessor – July 2019

• Motor loss assessing firm AAMC has alerted insurers after an unauthorised cyber breach affected part of its systems.

NAB – July 2019

• NAB reveals 13,000-person data breach at 6PM Friday – Dataset uploaded to the servers of two service providers.
• NAB admits thousands had personal data breached, blaming ‘human error’

Equifax – July 2019

• Equifax hit with major pay out for data breach settlement

MYOB – July 2019

• MYOB in payslip privacy bungle – Blamed on cloud system “glitch”
• Australian workers’ salaries exposed after MYOB glitch

Commonwealth Bank – July 2019

• Comm Bank slapped over failed security – Missing bank statements cause concern about customer privacy

British Airways – July 2019

• British Airways faces record-breaking fine over data breach
• British Airways faces record $329m fine over data breach – Punished under GDPR
• BA to contest data breach fine

Queensland Health – July 2019

• Queensland Health launches investigation after medical files found on busy Brisbane road

MEGT & Ability English – July 2019

• Education services provider confirms data breach – Student information system provider left data in open S3 bucket

Insurance House – June 2019

• Cyber attack impacts Insurance House
• Insurance House wrestles with cyber attack aftermath
• Cyber crooks ‘demanded ransom’ from ProRisk
• We don’t pay ransoms

GeelongPort – June 2019

• GeelongPort has been the subject of a cyber attack, resulting in a data breach of its electronically stored information such as visitor induction names and driver licences.

Nagle Catholic College WA – June 2019

• Parents’ financial details stolen in cyber attack on Geraldton Catholic school
• Geraldton’s Nagle Catholic College swept up in cyber attack targeting parent banking details
• Nagle Catholic College parents targeted in cyber attack on Geraldton high school

Specsavers Qld – June 2019

• Specsavers says Qld customers’ private medical information may have been compromised

Symantec – June 2019

• Symantec breach revealed client list, passwords: report

Australian Catholic University – June 2019

• Staff details stolen in fresh data breach
• ACU discloses data breach
• Phishers hit ACU, compromised systems
• ACU systems compromised and details stolen after cyber breach
• Attackers use phishing to gain access to ACU staff data

Revenue NSW – June 2019

• Privacy fears for Illawarra drivers as NSW govt data breach referred to ICAC Illawarra drivers may have had their private details leaked to the media as part of a “political smear campaign”
• NSW Labor refers alleged data leak to ICAC

Australian National University – June 2019

• China ‘behind’ huge ANU hack amid fears government employees could be compromised
• ANU breach a risk for security officials as China becomes key suspect
• Almost 20 years of personal data was stolen from ANU. It could show up on the dark web
• 19 years’ worth of personal data stolen from ANU – It could be sold on the dark web

Microsoft – May 2019

• Patch now against wormable ‘BlueKeep’ remote desktop flaw: ACSC – Spectre of another WannaCry-style epidemic raised

Princess Polly – May 2019

• Aussie fashion e-tailer Princess Polly suffers data breach – Card info may have been captured as it was entered into site

Canva – May 2019

• Canva under cyber-attack, with reportedly as many as 139 million users affected
• Aussie Canva Hit By Massive Data Breach: User Details Stolen
• Canva criticised after data breach exposed 139m user details
• “Marketing fluff”: What startups can learn from Canva’s data-breach response

Instagram – May 2019

• Instagram hit by two privacy breaches in a week – The Facebook-owned company fails it users.
• Instagram users’ data exposed to hackers
• Instagram has a MAJOR personal data breach 50 million users have had their personal details shared
• Perth socialite Melissa Graham held to ransom after Instagram privacy breach

CCH software – May 2019

• Wolters Kluwer takes down cloud services after malware infection – Impacts Australian users of CCH software

Binance – May 2019

• Binance hackers shift stolen bitcoin, identity still unclear: researchers – Funds now sitting in several digital wallets

Twitter – May 2019

• Twitter accidentally shares user location data with advertising partner | Through Apple devices

WhatsApp – May 2019

• WhatsApp flaw allowed spyware injection via calls | Pegasus comes calling whether you answer or not
• WhatsApp urges upgrade after ‘serious’ security breach allowed hackers to put spyware on phones
• WhatsApp major security flaw could let hackers access phones
• WhatsApp patches flaw after spyware revelation
• WhatsApp security breach likely a government surveillance attack, company says

WPA3 Dragonfly – April 2019

• New wi-fi security standard broken already | Implementations not done properly

Wipro – April 2019

• Wipro hacked, internal systems used to attack customers: report Months-long intrusion
• Wipro confirms breach, says customers are ‘anxious’
• Connectwise CEO defends security stance after Wipro breach

Speedrun.com – April 2019

• Major Speedrunning Hub Forced To Roll Back Rankings After Security Breach

Australia Post – March 2019

• AusPost’s Bill Scanner caught up in Gmail privacy sweep – Works with Google to ensure API permissions aren’t revoked

ASUS – March 2019

• ASUS users targeted in large supply chain attack – Users infected via software update utility
• ASUS releases fix after ShadowHammer malware attack – But some users unable to update to non-backdoored software

Bank of Queensland – March 2019

• Bank warns of reported third-party data breach – The Bank of Queensland has announced that it has been made aware of a personal data breach by a third party provider

Kathmandu – March 2019

• Credit cards cancelled as Kathmandu reveals online store hacked – month-long breach during peak discount period
• Kathmandu hit by hackers
• Credit cards cancelled as Kathmandu reveals online store hacked
• Kathmandu flags suspected data breach
• Data breaches have possibility to ruin customer relationships

Citrix – March 2019

• Citrix investigates major security breach – resecurity says it believes at least 6TB of data was downloaded
• Citrix hackers stole employee, financial data

Melbourne Hospital – February 2019

• A cyber crime syndicate accessed the medical files of 15,000 patients at Melbourne Heart Group at Melbourne’s Cabrini Hospital
• ‘The crooks are ahead’: Cabrini breach a warning for Australia
• Melbourne heart clinic hit by ransomware attack

CoffeeMeetsBagel – February 2019

• Dating site Coffee MeetsBagel warns Aussie users of data breach on Valentines Day
• ‘Coffee Meets Bagel’ Dating Site Hit by Data Breach

9Honey – February 2019

• Dating app suffers data breach

Toyota Australia – February 2019

• Toyota Australia hit by cyber attack – takes down email and other systems
• Cyber Ransom Attacks On The Rise, Toyota Australia has confirmed it has been subject to an attempted cyber attack
• Millions of customers’ data accessed in second Toyota hack – Tokyo sales subsidiaries raided
• Toyota Australia hit by cyber attack

AMP – February 2019

• Chinese AMP contractor pleads guilty to data breach

LandMark White – February 2019

• Australian bank customers caught in valuation firm data breach | Caused by undisclosed ‘security vulnerability’
• Home loan details of 100,000 customers hacked in major data breach
• LandMark White blames exposed API for data breach – ANZ confirms it has suspended use of the property valuer
• Valuation firm hit by data breach LandMark White pleads for long share suspension
• Embattled LandMark White shares drop 10.6 pc after data breach
• NAB pulls plug on LandMark White as home loan breach scandal grows
• LandMark White blames ill-informed public commentary on its dark web data breach for further ASX share suspension
• Centrelink keeps LandmarkWhite, says data breach hit ‘very small’ client group
• LandMark White counts cost of data breach – LandMark White still unsure of financial impact
• LandmarkWhite knew of IT weakness in 2017, a year before data breach
• Landmark White’s stolen data re-appears on dark web
• Landmark White data disaster claims CEO scalp
• LandmarkWhite faces regulator scrutiny over IT response, disclosure
• LandMark White CEO exits after data breach – two directors step down from board
• CBA assures itself of LandMark White’s post-breach infosec
• LandMark White’s data breach just the beginning for cyber criminals

Department of Parliamentary Services – February 2019

• Security breach strikes parliament’s IT network – all passwords reset
• Political party networks caught up in parliament’s IT breach – but no evidence of electoral interference
• The cyber attack on Parliament was done by a ‘state actor’ 
• Citrix | Australian parliament hackers gain remote access

Bunnings – February 2019

• Bunnings exposed staff performance database – individual staffer did unwanted homework

Facebook – January 2019

• Apple Shuts Down Facebook Data Collecting App – Since 2016, Facebook has been asking users to install a “Facebook Research” VPN that lets the company monitor their phone and online activity, according to Tech Crunch
• Apple punishes Facebook over app that paid users to hand over data
• The Apple-Facebook Feud Hits a Breaking Point
• Facebook stored millions of user passwords in plain text – hundreds of millions of users to be notified
• Facebook says up to 111,813 Aussies in last year’s security breach
• Facebook’s lax security has left millions of users with a lot to worry about
• Facebook staff had access to millions of users’ passwords in plain text, violating security practices

Global Hacking Scare – January 2019

• Global hacking scare nets Queensland MP, Surf Life Saving as millions of passwords breached – websites belonging to Queensland’s Deputy Opposition Leader, a real estate business and Surf Life Saving Australia are among thousands of pages caught up in the latest international data breach

SkoolBag – January 2019

• MOQdigital’s education software platform SkoolBag caught in global data breach

Optus – January 2019

• ‘Mistakenly’ Publishes Private Numbers Online And In White Pages

Collection #1 – January 2019

• Breach Exposes a Record 773 Million Email Addresses – The massive trove of leaked data, which was posted to a hacking forum, also includes 21,222,975 unique passwords.
• Experts comment on record 772mil-user data breach – Cybersecurity expert and founder of website Have I Been Pwned Troy Hunt broke the news recently that the largest ever database of breached login details have been leaked on the dark web.
• Data leak – Collection #1 is the just the beginning
• Cyber watchdog warns on dark web PS data – The Australian Cyber Security Centre (ACSC) has urged organisations and individuals across the Australian Public Service to check if their email addresses and/or passwords are included on recently released lists of stolen data.

Fisheries Queensland – January 2019

• Fisheries Qld blames bad update for password ‘fault – allowed fisherman to get into any account.

First National Real Estate – January 2019

• Job applicant data exposed online CVs and cover letters published
• Real estate industry provider exposes data
• Data breach exposes personal info of jobseekers

Department of Planning and Environment, NSW Major Projects – January 2019

• Fury over privacy ‘breach’. FURIOUS Tweed Valley Hospital site protesters say their privacy has been breached after a State Government body allegedly published their personal details online without permission.

Victorian Government – January 2019

•  Vic Govt employee directory accessed by unauthorised party impacts about 30,000 staff

Marriott Hotel Group / Starwood – January 2019

• Marriott Unsure How Many Hundreds Of Millions Of Guests Got Screwed By Data Breach
• Starwood hack exposed 5.25m unencrypted passport numbers
• Marriott CEO apologises for data breach, vows improvements

Early Warning Network – January 2019

• Emergency text and email service hacked, thousands receive warning messages about their personal data.

Big W – January 2019

• Customer data leaked due to printer repair mishap

Hawthorn Football Club – January 2019

• Hawks warn members of security threat

Nova Entertainment – January 2019

• Nova notifies listeners of data breach – Nova Entertainment has admitted that listeners’ data from the period of May 2009 to October 2011 has been “publicly disclosed”.
• Nova admits to huge data breach
• Nova Admits Listener Info Has Been Leaked

My Health Records – January 2019

• Critics want My Health Record delayed again after recording 42 data breaches this year.
• My Health Record system data reaches rise
• As My Health Record opt-out ends, security concerns continue

Victorian Public Servants – January 2019

• Victorian Public Servants hit by massive data theft – The work details of 30,000 of Victorian public servants were stolen from a government directory in a data breach just days before Christmas.

Reference and Credit goes to Webber Insurance