
Biggest Cyber Security Breaches in Australia in 2023 

As cybersecurity attacks rise and personal information becomes increasingly exposed to malicious actors through data breaches, malware, phishing emails and man-in-the-middle attacks, it has never been more important for organisations to be on the front foot by having robust controls in place to minimise the risk of further harm to their organisations and individuals.

In its report on notifiable data breaches from January to June 2023, the Office of the Australian Information Commissioner (OAIC) noted that the top 5 sectors in 2023 to notify a data breach were:

  • Health service providers 
  • Finance 
  • Recruitment agencies 
  • Legal, accounting and management services
  • Insurance

There were 409 notifications listed during this time with 63% of data breaches affecting 100 people or fewer.  

The average cost of a cybercrime to an organisation was $46,000 for a small business, $97,200 for a medium-sized business and $71,600 for a large business.

Following on from the cyber-attacks of 2022 on organisations such as Optus, Medibank, Telstra and Woolworths, 2023 has once again seen businesses fall victim to such incidents.

Latitude  

In March 2023, Latitude, the Australian personal loan and financial services provider, was affected by a data breach that exposed the personal information of up to 1.2 million customers and impacted up to 14 million people from across Australia and New Zealand. The Latitude breach was one of Australia’s largest breaches in recent history, following the Optus and Medibank breaches of 2022.

The breach was caused by a cyberattack, but the exact method of attack has not yet been disclosed. 

Nissan Australia 

A notice on Nissan Australia’s website has confirmed the company has suffered a cyberattack. It’s understood this has affected systems in Australia and New Zealand, with a warning that systems within its dealerships may have been impacted. Nissan has warned customers that their personal information may have been accessed and advised them to remain vigilant across their accounts, looking out for any unusual or scam activity.

Nissan is working with its global incident response team and relevant stakeholders and has notified the Australian Cyber Security Centre. When the attack occurred and the extent of the breach are not yet clear; however, the notice has been on the dealer’s website since the beginning of December.

Wollongong University  

Wollongong University has provided a statement acknowledging they have identified a cybersecurity incident within their systems. The incident has since been contained and they are currently working to investigate the cause and extent of the issue.  

It is currently unknown what data was likely accessed or how much, and there are no details regarding the nature of the attack, including how the cybercriminals gained access or what their motives were. This attack occurred in early December.  

Boeing  

Boeing, one of the world’s largest defence and space contractors, announced it was investigating a cyber incident that impacted its parts and distribution business. Boeing was held to ransom by LockBit, a cybercrime gang that stole a tremendous amount of sensitive data from the US plane maker and planned to dump it online if a ransom was not paid. Boeing is actively investigating the incident, coordinating with law enforcement and regulatory authorities, and notifying its customers and suppliers. After Boeing refused to pay the ransom demand, LockBit claimed to have leaked online all of the data it stole from Boeing as of November 10. This leak included 50GB of data in the form of a compressed archive and backup files for various systems.

Sony  

In early October, Sony notified 6,791 current and former employees that their data had been compromised in a data breach. This attack occurred in late May as part of the MOVEit attacks, which compromised hundreds of companies and government agencies. Sony detected the intrusion on June 2 and promptly rectified the situation. It did not appear that any customer data was implicated in the breach. In September a second breach occurred, in which hackers acquired 3.14GB of data from a server located in Japan that is used for internal testing for its Entertainment, Technology and Services business. Sony is investigating this incident and has since taken this server down. Sony said this latest incident had no adverse impact on Sony’s operations.

This is not the first time Sony has fallen victim to a cyber-attack. In 2014 they were at the centre of a major international hacking incident involving North Korean state-sponsored threat actors. The breach exposed Hollywood celebrities’ extensive personal information and leaked unreleased movies and TV shows. In 2011, Sony also suffered a massive attack on its gaming platforms, impacting 77 million individuals and forcing the company to pay US residents $15m in compensation.

Duolingo 

Duolingo is one of the largest language learning sites in the world and in January was targeted by a data scraping attack on public profile information, in which 2.6 million Duolingo users had information leaked on a hacking forum. This allows threat actors to conduct targeted phishing attacks using the exposed information. The shut-down hacking forum was charging $1500 for access to this scraped data, which included public logins and names, email addresses and internal information related to the Duolingo service.

Pizza Hut  

In September, Pizza Hut’s Australian operation was hit by a cyber-attack, with customer data including delivery addresses, customer names, email addresses, contact numbers and order details stolen in the hack, affecting up to 193,000 customers. Phil Reed, Pizza Hut’s CEO, said the company became aware that there had been unauthorised third-party access to some of the company’s data. Following this realisation, Pizza Hut secured its systems, engaged a forensic and cybersecurity specialist, and initiated an ongoing investigation to help them understand what occurred and to identify the data that was impacted. The breach was reported to the Office of the Australian Information Commissioner. Customers were advised of the incident and given steps they could take to protect their information and avoid potential scams going forward.

DP World  

DP World, one of Australia's largest port operators, announced that in November hackers accessed files containing personal details of its past and current employees after a cyber incident forced it to suspend operations for 3 days. This attack crippled operations at the company, which manages around 40% of the goods that flow in and out of Australia. DP World did not provide any details about the suspected perpetrators and confirmed that customer data was not affected and that the incident was confined to its Australian operations. The incident remains under investigation by the Department of Home Affairs, and the company has been working closely with the Australian Cyber Security Centre and Federal Police, along with its employees on an individual basis. It is believed DP World had failed to fix a critical IT vulnerability known as CitrixBleed, which was most likely the route into the company’s system.

What is a Cybersecurity attack? 

A cyber security attack is a deliberate or malicious attempt by an individual or organisation to breach the information system of another organisation or individual. Cybercriminals use cyber attacks to destroy computer networks, attach themselves to personal databases and leak personal identification and financial information. No matter the reason for such attacks, they cause great damage to everybody involved.

This is why it is so important to have systems in place to keep yourself and your organisation safe.  

How can I avoid falling victim to a Cyber Attack? 

Individuals 

  • Enable multi-factor authentication (MFA) for any online services where available.
  • If MFA is not available, ensure you use long, unique multi-word/symbol passwords for services such as email and banking logins. Password manager apps are a valuable way to store and manage your passwords securely.
  • Regularly back up important files and configure your device settings. 
  • Be on high alert for phishing emails, messages, and scams.  

Businesses 

  • Ensure you use reputable cloud services or managed service providers who implement appropriate cyber security measures. 
  • Review your cyber security posture and procedures for remote workers. Look at their use of communication, business productivity and collaboration software.
  • Implement regular cyber security training for your team that covers how to recognise phishing and scam attempts, and ensure you have the appropriate company policies and procedures in place.
  • Ensure you regularly test cyber security detection, incident response, disaster recovery and business continuity plans.  
  • Consider outsourcing your cybersecurity to a business that specialises in Managed Cybersecurity services.

If you suspect that you or your organisation has been the victim of a cyber attack, you can report it at www.cyber.gov.au or contact the Australian Cyber Security Centre on 1300 CYBER1. They have a 24/7 hotline that provides additional support and guidance on how to limit the damage and stop an attack. You can also report a cybercrime to the police through their ReportCyber portal.

Final Thoughts 

It is important to be across any data breaches that occur within Australia to ensure that your personal information is kept safe. Even if you remain vigilant personally, as seen in the above-mentioned data breaches of 2022 and 2023, your personal information can be leaked by companies you use for such things as electricity, health insurance and more. If you would like help managing cybersecurity for your business, get in touch; we'd love to help.
