Thousands of Australian consumers have fallen victim today to yet another coordinated Cyber Attack. At this stage 15,000 Aussies are predicted to be affected, with scammers purchasing stolen login details from overseas Cyber-Criminals and using stored credit card and gift voucher information to rack up thousands in online purchases, purchasing items such as clothing, alcohol and more.
According to the Australian Cyber Security Centre ‘Credential Stuffing’ has said to have been the method used to access these personal details, where criminals take previously stolen passwords from one website and use them elsewhere. This brings home the importance of setting long, unique, multi symbol passwords and not using the same password across multiple platforms.
Cyber-crime remains a huge issue, with Anthony Albanese vowing to look at any measures possible to protect businesses from future scams. Australia’s Cyber Security Centre received over 94,000 reports of Cybercrime over the past financial year, an increase of 23% from 2021-22
Who was involved In The Cyber Breach?
Last week, Dan Murphy, Event Cinema’s, Guzman y Gomez, Binge and The Iconic were impacted, by a coordinated cyber breach.
Binge have reported that customers remain unaffected as their credit card details are managed off-platform as part of their comprehensive cyber-security systems. Customer accounts are also monitored 24/7 for activity that may compromise accounts and they have advanced systems in place to block and re-set customer accounts with notification.
The Iconic was hit with numerous complaints by customers, over fraudulent purchases appearing on their accounts, some totaling more than $1000. They continue to provide updates to impacted customers to ensure they are kept informed, stating that their own internal systems were not affected by last week’s breach. They are continuing their investigations.
Endeavor Group who owns Dan Murphy confirmed that only a small percentage of its customers (less than 100) have been affected. One scammer however bought almost $800 worth of alcohol in one transaction.
Guzman Y Gomez & Event Cinemas
Both are yet to comment.
I have an account with one of these companies, what should I do?
There are multiple steps you can take to protect yourself from todays and future cyber events. With the prediction that these Credential Stuffing Cyber-Attacks will only continue due to their success, it is essential that both individuals and businesses look at multiple ways to protect themselves.
- If you use the same email address and password combination from these accounts on any other accounts, change them ASAP.
- Ensure you have multi-factor authentications (MFA) turned on for all accounts.
- If MFA is not available, consider if you need an account. If you do, ensure you use long, unique multi word/symbol passwords for services such as email & banking logins. Password Manager apps are a valuable way to securely store & manage your passwords.
- Be on high alert for phishing emails, messages, and scams. As your details have been compromised, you may see an increase in scam attempts.
- Ensure you use reputable cloud services or managed service providers who implement appropriate cyber security measures.
- Review the Cyber Security posture & procedures for remote workers. Look at their use of communication, business productivity and collaboration software.
- Ensure all staff are trained in cyber security matters, how to recognize phishing and scam attempts and that you have the appropriate company policies and procedures in place.
- Ensure you regularly test cyber security detection, incident response, disaster recovery and business continuity plans.
Keep in mind that at any moment your personal information could be exposed so be mindful of who you give your details to. Most importantly, use separate passwords across multiple sites and check your accounts regularly.
Powernet offers Managed Cyber Security services to businesses, get in touch, if you’d like to know more.