2021 - Data Breach Notifications in Australia

Lastpass – December 2021

• LastPass Says It Didn’t Leak Your Password

Ubisoft – December 2021

• Ubisoft says Just Dance was hit by a data breach
• Ubisoft Says a ‘Misconfiguration’ Exposed Just Dance Player Data

Huawei – December 2021

• Key details of Huawei security breach in Australia revealed

Victoria Police – December 2021

• Charges over Victoria Police data breach

Finite Recruitment – December 2021

• Coles, Westpac, AMP and Department of Defence caught up in ‘significant’ data breach of Finite Recruitment
• A Russian Hacking Group Caused A Data Breach That Could Affect Coles, Westpac & Some Gov Depts

SA Government – December 2021

• Cyber attack steals personal data of up to 80,000 SA public servants
• Personal details of up to 80,000 SA government employees accessed in cyber attack
• Premier can’t say if government trusts firm after data breach | The state government can’t confirm its trust in a third-party payroll provider, after personal data from up to 80,000 public servants – including bank account details – were stolen.
• 80,000 SA govt employees exposed to data breach | Third party payroll service hit by ransomware.
• SA gov employee data stolen in Frontier Software ransomware attack | At least 38,000 staff impacted
• Tens of thousands locked out of ATO Online accounts after payroll hack
• Government confirms almost 80,000 public sector employees affected in Frontier Software cyber attack
• South Australian gov issues breach notice to hacked payroll provider

Gravatar – December 2021

• Gravatar profile add-on leaks data on millions of users | Details of just under 114 million users in hackers’ hands

Panasonic – November 2021

• Panasonic says it has been hit by a data breach
• Panasonic confirms data breach after hackers access internal network
• Panasonic Confirms Six Months Of Data Breaches

ACT Government – November 2021

• Canberra Liberals: Serious data breach needs independent investigation | United Firefighters’ Union
• Refer compo spreadsheet data breach to privacy watchdog: ACT firies’ union
• Independent investigation needed into workers’ compensation spreadsheet data breach: opposition
• Liberals call for external review into data breach
• ACT government publishes sensitive health data from nearly 30,000 workers’ compensation claims

Tabcorp – November 2021

• Tabcorp says bad data, technical error behind online betting breach | Took in-play bets on a US college basketball game

Australia’s Copyright Agency – November 2021

• Australia’s Copyright Agency | investigates cyber incident | Notifies 37,000-plus members

GoDaddy – November 2021

• GoDaddy security breach exposes WordPress users’ data GoDaddy security breach exposes WordPress users’ data | Up to 1.2 million customers caught up
• Global web hosting company GoDaddy reports data breach
• GoDaddy breach exposes 1.2 million customer accounts
• Cybersecurity experts weigh in on GoDaddy data breach

South Australian Ambulance Service – November 2021

• Ambulance patient data stolen

Sunwater – November 2021

• Queensland water supplier Sunwater targeted by hackers in months-long undetected cyber security breach

mySA Gov – November 2021

• mySA Gov accounts breached | Attacker(s) reused passwords stolen in different incident
• Hackers access mySA GOV digital licence accounts, prompting warning from state government

Twitch – October 2021

• Amazon’s Twitch hit by data breach | 125GB leaked, including source code
• Twitch hack reveals multi-million-dollar sums top streamers earn from playing computer games
• Amazon’s Twitch blames configuration error for data breach
• Live streaming platform Twitch hit by huge data breach
• Twitch hit by huge data breach | Hackers warn more information is coming
• Twitch in crisis as it blames server error for massive data breach
• Massive data breach at Twitch.tv

AI Dungeon – September 2021

• If You Played AI Dungeon Back in April Your Data Was Probably Compromised

Accenture – August 2021

• Ransomware group demanding US$50M in Accenture security breach: cyber firm
• Accenture admits cyber incident also involved data breach

FIFA21 – August 2021

• Hackers ditch FIFA 21 secrets online after failed extortion attempt

Optus – 2019 Update

• Two years later: Optus data breach probed
• OAIC launches investigation into Optus data breach

SafeWA – August 2021

• Senior health officials raised concerns about SafeWA data breach long before election

Melbourne City Mission and the Department of Health and Human Services – 2017 Update

• Victorian Ombudsman launches investigation into handling of child protection data breach

Uber – 2016 Update

• Uber slapped on wrist for massive data breach | US parent argues exemption from privacy laws
• Uber found to have breached privacy of 1.2 million Aussies in 2016| Privacy watchdog releases findings of investigation
• Uber interfered with privacy of 1.2 million Australians

NSW Department of Education – July 2021

• NSW Education Dept downed by cyber attack
• NSW Education had unknown vulnerability in breached system
• Notifying individuals affected by July’s cyber incident
• Department of Education networks | The NSW Department of Education has been a victim of a cyber-security attack

Tasmanian State Growth – July 2021

• Employee allegedly passed drivers’ information to debt collector

LimeVPN – July 2021

• LimeVPN Suffers Major Data Breach, Over 69K Users at Risk | A hacker stole the backup database, customer payment details, private keys, and took the website offline.

Morningstar – June 2021

• Morningstar data breach reveals KPMG deal maker lists | A software glitch has exposed the key companies garnering the interest of big four advisory group KPMG’s deal makers and restructuring experts.

LinkedIn – June 2021

• LinkedIn denies data breach with 700 million records | Personal information on members found for sale
• LinkedIn data from 700 million users for sale on hacking forum
• LinkedIn hacked again — personal info of 756 million users leaked

Carnival Cruises – June 2021

• Cruise operator Carnival discloses personal data breach

Uniting Communities – June 2021

• Uniting Communities investigating possible data breach amid ‘cyber incident’

Ray White – June 2021

• Former Ray White real estate agent Ant Manton investigated for alleged data theft

NSW Health – June 2021

• Medical information leaked in NSW Health hack
• NSW Health admits personal data accessed in Accellion breach

Air India – May 2021

• SITA hack may have been worse than thought following Air India breach
• Air India breach compromised data for 4.5 million passengers
• Air India says data on 4.5 million passengers stolen

TPG – May 2021

• TPG confirms data on dark web belongs to its customer

NAB 2019 – April 2021

• NAB fired IT worker over data breach | Uploaded data of 13,000 customers to third-party servers
• NAB repays customers $687k for data breach

UnitingCare Queensland – April 2021

• UnitingCare Queensland hit by cyber attack | Ransomware infection reportedly impacts hospitals and aged care facilities

Swinburne University – April 2021

• Swinburne University data breach exposes details of 5000 staff, students | Seven years of event registrations found online.
• Details of over 5,000 people exposed in Swinburne uni breach

Ubiquiti – April 2021

• IoT firm Ubiquiti hit by ‘catastrophic’ data breach | Intruders allegedly gained administrative access to Ubiquity’s servers
• No customer info accessed’ in Ubiquiti breach

Shanghai Security Database – April 2021

• Australians flagged in Shanghai security files which shed light on China’s surveillance state and monitoring of Uyghurs

Facebook – April 2021

• Massive Facebook data breach leaks info on millions of users | Data of over 533 million Facebook users leaked online
• Facebook data breach: how to check if your details were leaked
• Facebook data breach exposes personal information of 533 million users, including its founder Mark Zuckerberg
• Facebook data leak: Details of 533 million users found on site for hackers
• What You Can Do About That Messy Facebook Data Breach
• How to check if your Facebook account was one of the half billion that were breached

Eastern Health – March 2021

• Victorian hospitals hit by cyber attack | Forces postponement of non-urgent elective surgeries

WA Parliamentary Email Network – March 2021

• China suspected of cyber attack on Western Australia’s Parliament during state election

Microsoft – March 2021

• Australian corporations hit by massive Microsoft Server hack
• ESET says at least 10 hacking groups using Microsoft software flaw

SITA – March 2021

• SITA data breach affects millions of airline passengers | Passenger data from multiple airlines has been acquired by hackers

Minister’s Private Email Accounts – February 2021

• ‘Security risks’: Ministers’ private email accounts in historical data breach

Transport for NSW – February 2021

• Transport for NSW data stolen in Accellion breach | Agency probes customer impact

SingTel – February 2021

• Optus parent organization SingTel assesses potential Accellion data breach

Accellion – February 2021

• The Accellion Data Breach Seems to Be Getting Bigger
• Australian orgs exposed to Accellion vulnerability

NT Health – February 2021

• NT Health Leaks Thousands of Emails in Data Breach

QIMR Berghofer Medical Research Institute – February 2021

• Qld research institute suffers data breach

Service NSW – 2020 Update

• 20,000 people still unaware of Service NSW breach | Affected residents don’t know their data was stolen last year
• Service NSW struggling to contact thousands of cyber attack victims

Oxfam – February 2021

• Oxfam Australia investigates suspected data breach | Tries to work out what data was accessed

ASIC – January 2021

• ASIC joins Reserve Bank NZ as victim of Accellion hack | Used server to transfer files on credit licence applications
• ASIC server hit by cyber security breach

Tasmanian Ambulance – January 2021

• Cybersecurity expert calls for replacement technology following Tasmanian ambulance patient data leak
• Tasmanian data leak reveals HIV status of ambulance patients
• Mass hack incident exposes Tasmanian patient’s medical data on public website

Reference and Credit goes to Webber Insurance