2020 - Data Breach Notifications in Australia

OAIC – 2020

• Notifiable Data Breaches Report 01/07/20 – 31/12/20
• Australian govt entity hit by brute-force attack | Agencies rack up reportable data breaches in back half of 2020.

Nintendo Switch – December 2020

• Nintendo Switch breach: dangerous data leak could’ve killed Switch – Massive data leak shows early Switch designs and leaked keys that could’ve toppled console

Ledger – December 2020

• Crypto wallet data breach compromises hundreds of thousands of users | Names and mailing addresses were leaked online

Spotify – December 2020

• Spotify resets passwords after a security bug exposed users’ private account information

FireEye – December 2020

• FireEye discloses breach, theft of red team tools | Releases ‘hundreds’ of countermeasures

NSW State Transit Authority – December 2020

• Ransomware outed as cause of State Transit Authority outage | Audit confirms June cyber incident took place

Flight Centre – 2017, reported December 2020

• Flight Centre leaks customer data in an incredibly stupid way
• An investigation into a major data breach involving Flight Centre Travel Group (FCTG) more than three years ago has found that the company broke a number of Australian Privacy Principles.
• Flight Centre hackathon behind 2017 breach, exposed 6918 customers’ data | Full post-mortem revealed for the first time

BTC Markets – December 2020

• BTC Markets exposes customer names, emails in botched blast send | Australia’s largest cryptocurrency exchange apologises for error

Levitas Capital – November 2020

• Hacked Sydney hedge fund part of $170m cyber crime spree

Law in Order – November 2020

• Hackers threaten to publish data from attack on legal services firm

Sophos – November 2020

• Sophos tight-lipped about data breach, no lessons learnt from WannaCry bungle
• Sophos warns customers it was hit by data breach | Data breach has exposed sensitive information of Sophos users

Wildworks – November 2020

• Animal Jam was hacked, and data stolen; here’s what parents need to know

Capcom – November 2020

• ‘Resident Evil’ game maker Capcom confirms data breach after ransomware attack
• Dragon’s Dogma 2, Street Fighter 6 reportedly leaked in Capcom data breach

Prestige Software – November 2020

• Booking.com, Expedia Group, Hotels.com customers in suspected data breach

Blackbaud – November 2020

• OAIC confirms inquiries made with cloud software firm that was breached

Nitro PDF – October 2020

• Nitro PDF suffers massive data breach, exposing Microsoft, Google, Amazon documents
• Nitro again insists data breach ‘isolated’ as incident gets more coverage

Spotless – October 2020

• Spotless hit by ransomware attack | Exclusive: Confirms a ‘number’ of servers ‘accessed’

DFAT – September 2020

• Private emails of Australians stranded countries unintentionally revealed by DFAT

CloudBees CodeShip – September 2020

• DevOps solutions provider CloudBees discloses data breach | Malicious actor accessed failover database for a year.

Scouts Victoria – September 2020

• Potential personal data breach of about 900 people after Scouts Victoria hacked
• Scouts Victoria data breach potentially nets 900 people’s personal details | Including bank details, birth certificates and court orders

Activision – September 2020

• Possible Activision hack puts thousands of COD player accounts at risk – here’s all you need to know

University of Tasmania – September 2020

• IT bungle leads to mass student data breach
• Data breach at University of Tasmania affects 20,000 students
• UTAS contacts 19,900 students caught up in data breach
• University of Tasmania leaks data of 19,900 students | Sharepoint site gave access to anyone with a UTAS email.

Royal Queensland Yacht Squadron – September 2020

• Royal Queensland Yacht Squadron To Be Questioned By Office Of Australian Information Commissioner After Data Breach

Zhenhua Data – September 2020

• A Huge Chinese Data Breach Has Exposed Info Of 35,000 Aussies Including… Natalie Imbruglia?
• Leaked Chinese database show company’s interest in Australia’s space and science sector
• Australian business leaders caught up in China’s mass surveillance: Here’s what it means

Telmate – September 2020

• Telmate data breach leaked personal info for millions of prisoners

K7Maths – September 2020

• Large Australian education data leak traced to third-party service – AusCERT rules out government ownership

Transport for NSW – August 2020

• Over 54,000 scanned NSW driver’s licences found in open cloud storage – TfNSW investigates mystery data leak on AWS S3
• More than 50,000 NSW driver’s licences exposed in mystery data leak – Drive understands those affected have not been contacted yet
• More than 50,000 NSW driver’s licences exposed in mystery data leak – It remains unclear where the image files came from, but experts say a fleet or toll operator could be to blame.
• Service NSW still waiting to notify on data breach after four months
• NSW driver’s licence data breach left Sydney health worker ‘sickened’
• How Bob the Ukrainian security consultant uncovered massive Australian data breach
• ALP calls for action after data breach affects 50,000 NSW drivers
• Data breach exposes tens of thousands of NSW driver’s licences online

Freepik – August 2020

• Popular stock image website Freepik suffers massive data breach

Tik Tok, Instagram & YouTube – August 2020

• How to Deal With This TikTok, Instagram, and YouTube Data Breach

RI Advice Group – August 2020

• ASIC sues financial services company for repeated hacks | Hacker spent 155 hours logged in without detection
• ASIC comes for IOOF subsidiary over inadequate cyber security infrastructure
• Company sued over poor cyber security – Passwords found in text files on server desktop

Canon – August 2020

• Canon data leaked online after company refuses to negotiate with ransomware attackers

ACT Public Schools – August 2020

• Canberra students gained access to school network to send graphic content to children across ACT

Visa Europe Ltd – August 2020

• iSignthis Ltd (ASX:ISX) Visa Europe Ltd -Breach of Personal Data

Carnival Corporation – August 2020

• Carnival Corporation has been hit by a ransomware attack on one of its brand’s IT systems

Intel – August 2020

• Intel investigates source code dump of proprietary data – Intel is investigating the recent leak that dumped more than 20GB of proprietary data into the public domain

Australian Universities – August 2020

• Investigating ‘deeply concerning’ hack of controversial exam software – Personal records of 444,000 ProctorU users have reportedly been obtained in a hack and leaked online in hacker forums
• Hackers hit university online exam tool
• Australian universities investigate online exam tool data breach

Instacart – July 2020

• Instacart user data is reportedly being sold online, but the company denies there was a breach

Garmin – July 2020

• Garmin goes down after suspected ransomware attack | Production halt in Taiwan, leaked internal email suggests

City of Darwin – July 2020

• The email addresses of thousands of Territorians have been ‘accidentally’ leaked by the City of Darwin ahead of the next round of the MyDarwin voucher scheme

WA Department of Health – July 2020

• WA Department of Health data breach sees confidential patient information published online
• WA Health traces data leak to third-party pager service
• Coronavirus: Teenager allegedly behind massive WA data breach
• Minor allegedly involved in Western Australia’s medical record data breach
• Clarification of reported data breach

VPN – July 2020

• Data breach of free VPN providers exposes details of millions of users

Fraudulent Cryptocurrency Scheme – June 2020

• Over 82,000 Aussies’ details leaked in crypto scam | Victim’s details show up on the web

TikTok – June 2020

• TikTok Secretly Spying On Millions Of iPhone Users | A major TikTok security issue detected by Apple

Twitter – June 2020

• Twitter apologises for business data breach

Google Chrome – June 2020

• Google Chrome Security Breach: 33 Million Downloads Of Spyware

Australia – June 2020

• Australia targeted in ‘sophisticated’ state-based cyber attack
• ‘Cyber attacks’ point to China’s spy agency, Ministry of State Security, as Huawei payback, say former Australian officials
• Australia under cyber attack
• China believed to be behind major cyber attack on Australian governments and businesses

Fisher & Paykel – June 2020

• Fisher & Paykel Appliances struck by Nefilim ransomware

Avon – June 2020

• Avon to reboot systems hit by cyber incident

Lion – June 2020

• Drinks maker Lion shuts IT systems after ‘cyber incident’
• Lion accidentally directs milk orders to Sydney IT security consultancy
• Lion warns of beer shortages after cyber attack
• Drinks maker Lion lost CIO Grainne Kearns in March

Noni B – June 2020

• ‘Whistleblower’ accuses Noni B owner of mass privacy breach

Babylon Health – June 2020

• Babylon Health data breach exposes user medical records to strangers | Bug was accidentally introduced via a recent update
• Babylon Health admits ‘software error’ led to patient data breach
• Babylon Health admits GP app suffered a data breach
• A telemedicine app accidentally leaked videos of people’s medical consultations to other patients

Joomla – June 2020

• Content management system Joomla hit by data breach

AFL Fan Website – May 2020

• 70 million records exposed in data leak from AFL fan website, cyber researchers claim

IN SPORT – May 2020

• Retailer IN SPORT’s head office hit by ransomware – Rebuilds systems but loses some data

My Health Record – May 2020

• My Health Record system hit by hack attempt

Service NSW – May 2020

• Service NSW hit by email compromise attack | Agency tries to work out what they accessed

BlueScope Steel – May 2020

• BlueScope IT ‘disruption’ feared to be ransomware attack | Production systems impacted

GoDaddy – May 2020

• GoDaddy confirms it suffered a data breach | Incident happened in October 2019, GoDaddy tells users

WA Police Force – April 2020

• Confidential details of entire WA Police Force accessed in ‘startling’ audit breach, CCC finds

Optus – April 2020

• Optus hit with $40 million class action after alleged data breach of 50,000 customers details
• Optus faces class action over major data breach
• Optus facing class action over alleged customer privacy breaches

Facebook – April 2020

• Millions of Facebook profiles for sale on the Dark Web

Apple – April 2020

• Flaw in iPhone, iPads may have allowed hackers to steal data for years | But Apple is planning to fix the flaw

Zoom – April 2020

• 500,000 Zoom Account Breaches Reminds Us Not To Be Sloppy With Passwords
• How to stay safe on Houseparty and Zoom
• Intruder alert! How to keep Zoom meetings secure
• How To Protect Your Zoom Account From Recent Data Breaches
• Zoom brings in big guns to fix security problems | Paid users can avoid specific data centres

Marriott – April 2020

• Marriott discloses second data breach in two years

Federal Court – March 2020

• Federal court data breach sees names of protection visa applicants made public

Houseparty – March 2020

• Houseparty denies security breach as users accuse app of hacking accounts

Chubb – March 2020

• Cyber insurer Chubb had data stolen in Maze ransomware attack

Norwegian Cruise Line – March 2020

• World’s third largest cruise line Norwegian suffers data breach

Microsoft Teams and Zoom – March 2020

• Phishers quick to exploit remote working apps in COVID-19 lockdown

Henning Harders – March 2020

• Another Aussie logistics company falls prey to ransomware

Melbourne TAFE – March 2020

• Melbourne TAFE data breach exposes 55k student, staff files – Sensitive financial, health data accessed

Australian Department of Defence – March 2020

• Fears private details of Defence Force members compromised in database hack
• Defence plays down report of likely recruitment database breach

Nord VPN – March 2020

• Top VPN software had a major security flaw – Vulnerability discovered during HackerOne session

Alinta Energy – March 2020

• Alinta Energy accused of putting customers’ sensitive information at risk
• Alinta Energy accused of endangering privacy of 1.1 million customers

Clearview AI – February 2020

• Controversial facial recognition startup Clearview AI hit by massive client data breach
• Leaked Document Shows Australian Police Use Creepy Clearview AI Facial Recognition Software

Talman – February 2020

• Australian wool sales stopped by ransomware attack – Software maker Talman hit by attackers

Samsung – February 2020

• Mystery notification may not have been as innocent as company first claimed

MGM – February 2020

• MGM data breach exposed personal details of 10.6 million hotel guests – If you’ve stayed at an MGM Resorts hotel, you may be among victims of the latest massive data breach.
• MGM Resorts sued over data breach
• CES Attendees Data Hacked MGM Resorts Compromised

Slickwraps – February 2020

• Slickwraps hit by customer data breach – Phone accessory firm ignored multiple warnings from security researcher

Smartwatch – February 2020

• Smartwatch apps let parents keep track of kids, but data breaches mean strangers can watch them

Toll – February 2020

• Toll held to ransom as cyber attack stalls deliveries
• Toll Group confirms “targeted” ransomware attack
• Toll Group hit by “new variant” of Mailto ransomware
• Toll Group tight-lipped on alleged ransomware attack
• Toll Group shuts IT systems after ‘cyber security incident’
• ACSC gets to grips with Mailto threat after Toll Group infection – Releases hash of ransomware “from this incident”

Yarra Trams – February 2020

• Yarra Trams data breach: Commuters’ email addresses exposed

Perth Mint – January 2020

• Perth Mint visitor data stolen after feedback survey company hacked

Microsoft – January 2020

• Microsoft customer support database exposed online
• How To Protect Yourself In Microsoft’s Recent Data Breach

LabCorp – January 2020

• LabCorp security lapse exposed thousands of medical documents

I.M.L. SLU, the parent company of ImLive and PussyCash – January 2020

• Porn site data breach leaks thousands of cam models’ personal details
• Porn stars exposed in data leak
• Exclusive: Australians involved in online pornography data breach

P&N Bank – January 2020

• WA’s P&N Bank hit by data breach – “Non-sensitive” data from CRM accessed

Travelex – January 2020

• Travelex website was hit by Sodinokibi ransomware – Foreign currency firm facing demand to release its systems

Amazon – January 2020

• Amazon Employees Leak Customer Data To Third-Party Agent (Again)

Wyze – January 2020

• How To Protect Your Wyze Account After The Recent Data Breach – A recent security breach has leaked the information of over 2.4 million Wyze security camera users. The compromised database was left unsecured and publicly accessible, and it appears that the information was being collected and stored by the Alibaba cloud computing company in China.

Reference and Credit goes to Webber Insurance