As Cybersecurity attacks are on the rise and personal information becomes increasingly available to malicious attacks through data breaches, malware phishing emails and man-in-the-middle attacks, it has never been more important for organisations to be on the front foot by having robust controls in place to minimise the risk of further harm to their organisations and individuals.
In a report by OAIC on notifiable data breaches from January to June 2023, the office of the Australian Information Commissioner noted that the top 5 sectors in 2023 to notify a data breach included:
There were 409 notifications listed during this time with 63% of data breaches affecting 100 people or fewer.
The average cost of a cybercrime to an organisation on average was $46,000 for a small business, $97,200 for a medium-sized business and $71,600 for a large business.
Following on from the Cyber-attacks of 2022 amongst organisations such as Optus, Medibank, Telstra & Woolworths, 2023 has once again seen businesses fall victim to such incidents.
In March 2023, Latitude, the Australian personal loan, and financial services provider was affected by a data breach that exposed the personal information of up to 1.2 million customers and impacted up to 14 million people from across Australia and New Zealand. The Latitude breach was one of Australia’s largest breaches in recent history following the Optus and Medibank breaches of 2022.
The breach was caused by a cyberattack, but the exact method of attack has not yet been disclosed.
A notice on Nissan Australia’s website has confirmed the company has suffered a cyberattack. It’s understood this has affected systems in Australia and New Zealand with a warning that systems within their dealerships may have been impacted. Nissan has warned customers that their personal information may have been accessed and to remain vigilant across their accounts, looking out for any unusual or scam activities.
Nissan is working with their global incident response team and relevant stakeholders and has notified the Australian Cyber Security Centre. When the attack occurred, and the extent of the breach is not yet clear, however, the notice has been on the dealer’s website since the beginning of December.
Wollongong University has provided a statement acknowledging they have identified a cybersecurity incident within their systems. The incident has since been contained and they are currently working to investigate the cause and extent of the issue.
It is currently unknown what data was likely accessed or how much, and there are no details regarding the nature of the attack, including how the cybercriminals gained access or what their motives were. This attack occurred in early December.
Boeing, one of the world’s largest defence and space contractors, announced it was investigating a Cyber incident that impacted its parts and distribution business. Boeing was held at ransom by LockBit a cybercrime gang that stole a tremendous amount of sensitive data from the US plane maker that they planned to dump online if a ransom was not paid. Boeing is actively investigating the incident and coordinating with law enforcement and regulatory authorities and is notifying their customers and suppliers. After the passenger giant refused to pay the ransom demand, LockBit has since claimed to have leaked all of the data they stole online from Boeing as of November 10. This leak included 50GB of data in the form of a compressed archive and backup files for various systems.
In early October, Sony notified current and former employees (6,791) that their data had been compromised in a data breach. This attack occurred in late May as part of the MOVEit attacks which compromised hundreds of companies and government agencies. Sony detected the intrusion on June 2 and promptly rectified the situation. It did not appear that any customer data was implicated in the breach. In September a second breach occurred where Hackers acquired 3.14GB of data from a server located in Japan that is used for internal testing for its Entertainment, Technology and Services business. Sony is investigating this incident and has since taken this server down. Sony said this latest incident had no adverse impact on Sony’s operations.
This is not the first time Sony has fallen victim to a Cyber-attack. In 2014 they were at the center of a major international hacking incident involving North Korean state-sponsored threat actors. The breach exposed Hollywood celebrity’s extensive personal information and leaked unreleased movies and tv shows. In 2011, Sony also suffered a massive attack on its gaming platforms, impacting 77 million individuals, and forcing the company to pay US residents $15m in compensation.
Duolingo is one of the largest language learning sites in the world and in January was targeted by a data scrapping attack on public profile information where 2.6 million Duolingo users had information leaked on a hacking forum. This allows threat actors to conduct targeted phishing attacks using the exposed information. The shutdown hacking forum was charging $1500 for access to this scrapped data which included public logins and names, email addresses and internal information related to the Duolingo service.
In September, Pizza Hut’s Australian operation was hit by a cyber-attack with customer data including delivery addresses, customer names, email addresses, contact numbers and order details stolen in the hack affecting up to 193,000 customers. Phil Reed, Pizza Hut’s CEO, said the company became aware that there had been unauthorised third-party access to some of the company’s data. Following this realization, Pizza Hut secured its systems, engaged a forensic and cybersecurity specialist, and initiated an ongoing investigation to help them understand what occurred and to identify the data that was impacted. The breach was reported to the Office of the Australian Information Commissioner. Customers were advised of the incident and given steps they could take to protect their information and how to avoid potential scams going forward. ‘
DP World, one of Australia's largest port operators, announced that in November, Hackers accessed files containing personal details of its past and current employees after a cyber incident forced it to suspend operations for 3 days. This attack crippled operations at the company, which manages around 40% of the goods that flow in and out of Australia. DP World did not provide any details about the suspected perpetrators and confirmed that customer data was not affected and was confined only to its Australian operators. The incident remains under investigation by the Department of Home Affairs and the company has been working closely with the Australian Cyber Security Centre and Federal police along with its employees on an individual basis. It is believed DP had failed to fix a critical IT vulnerability known as CitrixBleed which was most likely the route into the company’s system.
A Cyber Security attack is a deliberate or malicious attempt by an individual or organisation to breach the information system of another organisation or individual. Cybercriminals use Cyber attacks to destroy computer networks, attach themselves to personal databases and leak personal identification and financial information. No matter the reason for such attacks, they create great damage to everybody involved.
This is why it is so important to have systems in place to keep yourself and your organisation safe.
If you suspect yourself or your organisation has been a victim of a cyber attack you can report an attack at www.cyber.gov.au or contact the Australian Cyber Security Centre on 1300 CYBER1. They have a 24/7 hotline that provides additional support and guidance on how to limit the damage and stop an attack. You can also report a cybercrime to the police through their ReportCyber portal.
It is important to be across any data breaches that occur within Australia to ensure that your personal information is kept safe. Although you remain vigilant personally, as seen in the above-mentioned data breaches of 2022 and 2023 your personal information can be leaked by companies you use for such things as electricity, health insurance and more. If you would like help managing cybersecurity for your business, get in touch, we'd love to help.
If you want to remove that stubborn blank page at the end of your report or delete a page containing […]
Read moreHow to Unsend an Email in Outlook “Have you ever experienced that sinking feeling in your stomach after accidentally sending […]
Read moreWe all spend a great deal of time in our internet browser, searching, googling, so it makes sense to not […]
Read more