No matter what your line of work is, chances are some, if not all, of your business is online. This means you’re exposed to the risk of a data breach. Here are some of the biggest Australian cyberattacks of 2021.
Eastern Health Breach
Eastern Health is the operator of Angliss, Box Hill, Healesville, and Maroondah hospitals. On March 16th, the company’s servers were hit by a ransomware attack that crippled their entire system. Multiple servers needed to be shut down, which slowed the system down, and even forced staff to postpone a number of minor surgeries.
Two weeks after the attack, doctors and nurses still had no access to internal emails, and patients’ treatment was being tracked on whiteboards. Many patients were put at risk since their medical histories remained inaccessible. It took more than a month for Eastern Health to fully restore its systems.
Tasmanian Ambulance Data Breach
On January 8th, a website was discovered with the personal information of every person who had called an ambulance in Tasmania, from November 2020 to date. The administrator had been posting live updates, every time paramedics were dispatched. Following the website’s discovery, it was taken offline by law enforcement.
The breach was made possible by Tasmania’s outdated paging system, which had multiple known vulnerabilities. The information posted on the site included personal details, the reason for the call, the address, and even sensitive information like HIV status.
Northern Territory Government Data Breach
The Northern Territory Government data breach actually happened in 2020 but wasn’t publicly revealed until January of 2021. During the attack, one of their cloud-based IT suppliers was compromised, and some of their servers were targeted by a ransomware attack.
Fortunately, government data was never compromised. The servers were immediately taken offline. Then, the supplier partnered with the Northern Territory Government and the Australian Cyber Security Centre to restore the servers from backups. At that point, they were able to be put back online.
Western Australian Parliament Data Breach
During the Western Australian election, on March 4th, IT administrators noticed unusual activity on one of their Microsoft Exchange mail servers. At 5:40 PM, out of an abundance of caution, the server was taken offline. This prevented any potential data theft, but it also prevented the West Australian Parliament members and staff from sending or receiving emails.
The server was wiped, rebuilt with a clean install including all patches, and returned to service. The Parliament has stated that no data was lost, but their email went offline for more than 19 hours during a major election. It is suspected, but not confirmed, that China was behind the attack, and that it may have been an act of political retaliation.
The Australian Securities and Investments Commission (ASIC)
The Australian Securities and Investments Commission (ASIC) became aware on January 15th that an intruder had gained access to a server that contained records for recent credit license applications. This server was used in the data transfer process, and the breach was made possible by a vulnerability in Accellion data transfer software.
Thankfully, none of the documents were downloaded. That said, it appears that a number of them were viewed, so it’s possible that at least some information was stolen.
Transport for NSW
In late February, over 250GB of emails and other confidential files belonging to Transport for NSW were dumped on the dark web. The files, hosted by the CL0P extortion syndicate, were downloadable in 4GB chunks.
Like the ASIC breach, the Transport for NSW breach was made possible by a vulnerability in the Accellion File Transfer Appliance. This was apparently a part of a broader extortion attempt against a number of Accellion customers. While Transport for NSW might not have appreciated their internal emails being leaked, no personal customer information was released.
Oxfam Australia
On January 20, 2021, a third party gained access to an Oxfam Australia database. This database contained personal information on a number of their supporters, and the breach remained undetected for seven days before Oxfam became aware of it and took the database offline.
The database stored information from people who had signed petitions, participated in Oxfam campaigns, or made donations or purchases. This includes a variety of personal data, as well as donation records. The reason for the breach remains unclear.
Nine Entertainment Co.
On March 27th, Nine Entertainment’s servers were struck by a cyber attack in the wee hours of the morning. The company, which operates several over-the-air broadcast stations, remained unable to air content until the 6 PM news hour.
The attack was targeted at both the corporate office and the various local broadcast business units. Some tech writers have speculated that it originated from China, in retaliation for some of Nine Entertainment’s reporting, but that speculation remains unconfirmed.
TPG Telecom
On April 25th, a cloud server belonging to TPG Telecom was hacked, and 5 gigabytes of data was stolen. Shortly thereafter, this data became freely available to download on a dark website. Other customers’ data was stored on the same server, but it appears as if only the original two customers’ data was actually stolen.
The leak occurred due to a known vulnerability in old cloud-based software, and the server was already in the process of being decommissioned when the data was stolen. It’s fortunate that the server was already being taken offline, and that there weren’t many customers using it to begin with.
UnitingCare Queensland
In late April, UnitingCare Queensland was struck by a massive ransomware attack. This attack crippled a range of the hospital’s systems, including their email and patient care tracking systems. Much like in the Eastern Health breach, doctors and staff were forced to resort to paper-based communications and recordkeeping.
The ransomware attack was carried out with a malware program called Sodinokibi/REvil, which encrypts files and tries to delete any backups. No patients were personally affected by the breach, but it caused a great deal of stress for hospital employees.
Swinburne University
In March, a Swinburne database was breached, and personal information on over 5,000 individuals was made public on the internet. The university immediately took the database offline and launched an investigation.
The server in question was used to store event registration information beginning in 2013, for multiple events. The data includes names, email addresses, and phone numbers, and belongs to more than 5,200 staff and 100 students.
Other Notable Breaches That Affected Australians
So far, we’ve been talking about breaches that were specific to Australia. But 2021 also saw several major global breaches that impacted a number of Australians. Here are some of the most noteworthy:
● LinkedIn – On June 22nd, a hacker listed 700,000 pieces of personal information for sale on the dark web. In an investigation, ComputerWeekly.com discovered that almost all of LinkedIn’s users had at least one piece of their personal information listed for sale.
● Facebook – In April, 533 million Facebook users had their phone numbers and other personal data leaked on the dark web. This was followed by a larger leak in September, with more than 1.5 billion more pieces of information.
● SocialArks – In January, Instagram subcontractor SocialArks misconfigured one of their databases, inadvertently exposing the personal information of unknown numbers of users. 318 million people had their information stolen.
● GoDaddy – On November 17th, GoDaddy reported that they had detected a data breach on their network. Despite GoDaddy detecting the breach relatively quickly, 1.2 million WordPress accounts were hacked.
● Twitch – On October 6th, Twitch announced that they had suffered a data breach. Some of their top streamers’ earning records had been stolen, along with some of Twitch’s proprietary source code, and information on the company’s internal security protocols.
● Pixlr – On January 20th, a hacker successfully breached a database for Pixlr, an online photo-editing program. They stole over 1.9 million personal photos, including many that could potentially be used in phishing scams.
What is a Cyber Breach?
A cyber breach, also known as a data breach, occurs whenever information is stolen from a computer system. The vast majority of data breaches occur when hackers use malware or hacking to steal and sell personal information. Another common tactic, called a “ransomware attack,” is to encrypt valuable data and extort the original owner for money in exchange for the unlock password. Less frequently, cyber breaches are carried out by state actors, or by disgruntled employees.
How Can I Protect My Business?
There are a number of ways to protect your business from a cyber attack. If you’re managing your own systems, the most important thing is to keep your Endpoint Protection (anti-virus) software up to date, and always update the software on all of your devices. Keep backups of valuable data to protect yourself from ransomware attacks, and maintain an up-to-date data security policy for all your employees.
Alternatively, you could outsource your IT services to a managed IT service provider. Companies like Powernet function as a complete IT department. Since we’re experts in our field, you have to worry less about the potential for an attack. Get in touch to learn more.