2023 - Data Breach Notifications in Australia

23andMe – December 2023

• The 23andMe Data Breach Keeps Spiraling | 23andMe has provided more information about the scope and scale of its recent breach, but with these details come more unanswered questions.
• Genetic testing firm 23andMe admits hackers accessed DNA data of 7m users | US company says ‘threat actor’ responsible for security breach that affected nearly half of its 14m reported users
• 23andMe confirms hackers stole ancestry data on 6.9 million users
• 23andMe Blames Data Breach Victims For Weak Passwords

NSW Eastern Suburb Libraries – December 2023

• Woollahra Council, Double Bay, Paddington and Watsons Bay | Thousands of residents in affluent Sydney suburbs affected by cyberattack

Yakult Australia – December 2023

• Yakult Australia targeted in cyber attack, employee files published on dark web

TikTok – December 2023

• TikTok Data Breaches: Full Timeline Through 2023
• TikTok privacy breach allegations under spotlight

St Vincent’s Health – December 2023

• St Vincent’s Health network hit by cyber attack, with data stolen
• St Vincent’s Health says data stolen in cyber attack
• Data stolen in hack on national health provider St Vincent’s
• Revealed: St Vincent’s hackers got in with compromised accounts
• St Vincent’s cyberattack work of sophisticated criminals, say investigators
• St Vincent’s Health suffers data breach in cyber attack
• Media Statement – Cyber incident update
• Revealed: St Vincent’s hackers got in with compromised accounts
• St Vincent’s Health Australia warns cyber attack forensics could “take some time”

Melbourne Arts Centre – December 2023

• Cyber Incident – Data Breach

Qld Rural Fire Service – December 2023

• Former QFES contractor investigated over alleged Rural Fire Service information breach

University of Wollongong – December 2023

• University of Wollongong discloses data breach

ASIC – December 2023

• ASIC experiences four error-caused data breaches since start of 2022

The Department for Child Protection said Aboriginal Family Support Services (AFSS) – December 2023

• Aboriginal child protection service contracted by SA government hit by data breach

Top Health Doctors West End – December 2023

• Clinic’s data breach a reminder to bolster security | The personal details of more than 5000 patients may have been ‘compromised’ after a Brisbane medical centre’s email account was breached.

Certis Security Australia – November 2023

• Certis Security Australia suffers email breach | Customers not affected.
• Okta’s data breach bigger than first thought – All customer service contact details leaked.

Australian Clinical Labs – November 2023

• Sexual health and fertility details leaked in ACL data breach

NDIA – November 2023

• NDIA detects data breach | The National Disability Insurance Agency (NDIA) has detected a data breach involving the alleged unauthorised disclosure of the personal details of some National Disability Insurance Scheme (NDIS) participants and related parties.
• Two charged following fraud investigations

Samsung – November 2023

• Samsung says hackers accessed customer data during year-long breach

Australian Signals Directorate’s 2022/23 Cyber Threat Report – November 2023

• ASD Cyber Threat Report 2022-2023

DP World – November 2023

• Fears of significant delays after ‘cyber security incident’ shuts down major port operator
• Australian ports operator suffers ‘cyber security incident’
• Ports to remain closed as AFP investigates cybersecurity breach
• Australian Government Monitors Significant Stevedore Cyber Attack
• DP World Australia back online after cyber incident
• Australian port operator DP World hit by cyber attack | Movement of goods now slowly resuming.

TissuPath – November 2023

• TissuPath data breach victim upset by delayed notification

Alfred Health – November 2023

• HIV patient ‘stunned’ after his medical record accessed in Alfred data breach
• The Alfred CEO ‘can’t guarantee’ alarming data breach is an isolated incident

Digital Patient Pathways – October 2023

• SA patient health info deleted in third-party app breach

Personify Care – October 2023

• Details of thousands of patients have been accessed in a data breach | SA Health patients caught up in data breach of third-party platform Personify Care
• SA Health patient records accessed in data breach of third-party system Personify Care

Super SA – October 2023

• Super SA discloses third-party data breach

Royal Women’s Hospital Parkville – October 2023

• Personal data of almost 200 patients exposed in hack of Melbourne hospital staff member’s email

Sony – October 2023

• A ransomware group is claiming they’ve breached Sony’s systems and stolen data [updated]
• Over 6,000 individuals hit in Sony data breach: reports

Network Pacific Real Estate – October 2023

• Ransomware gang posts 30GB of data it claims belongs to Victorian real estate group

HWL Ebsworth – September 2023

• Scale of HWL Ebsworth hack revealed: 2.5m files, 65 agencies
• HWL Ebsworth says ‘business as usual’ after hack
• RBA, AFP, AusPost caught up in law firm hack | List of affected government entities finally revealed.
• Albanese government loses national security information in data hack
• Full list of government agencies affected by HWL Ebsworth hack revealed

Pizza Hut – September 2023

• Pizza Hut says customer data breached in cyber hack
• Pizza Hut Australia customers’ personal details accessed in cyber attack
• Pizza Hut Customers Compromised in Australian Data Breach
• Pizza Hut says nearly two-hundred thousand customers affected by data breach
• Pizza Hut hacked, customer data and orders taken
• Pizza Hut warns customers of possible data breach
• Pizza Hut Australia joins data breaches list | Compromised details were not on the fast food menu

Australian Federal Police, HWL Ebsworth – September 2023

• Federal police caught up in huge law firm data breach
• AFP officer data leaked in cyber breach

Dymocks – September 2023

• Dymocks customer data ‘may have been compromised’
• Dymocks warns customers of data breach after account information leaked on dark web
• Dymocks book store chain warns customer data compromised in security breach
• Dymocks discloses breach after dark web data leak
• 1.2 million customers caught up in Dymocks hack | Names, addresses, and dates of birth breached
• Dymocks confirms details of 1.2 million customers shared on dark web in data breach
• Dymocks links data breach to “external data partner”
• Dymocks CEO Outlines Details of Data Breach
• Dymocks breach happened while changing providers | Says it will only store the ‘bare minimum’ data in future

University of Sydney – August 2023

• University of Sydney caught up in third-party data breach
• Cyber incident

American Express – August 2023

• American Express confirms data leak of APAC employee details

Pareto Phone – August 2023

• Multiple Australian charities have had donor information leaked onto the dark web
• Australian Conservation Foundation says data of 13,500 donors caught up in Pareto Phone hack
• Charity donor details leaked to dark web after Pareto Phone breach
• Amnesty International latest victim of widening telemarketer breach
• Thousands of charity donors have data leaked on dark web after telemarketer hack

auDA – August 2023

• Hackers claim to have breached auDA | Domain administrator investigating

Tesla – August 2023

• Tesla says two ex-employees behind May data breach
• Tesla blames 2 former staff for data breach affecting 75k

Judo Bank & REX – August 2023

• Judo Bank and REX company caught in data breach

Department of Veterans’ Affairs – August 2023

• Government shared veterans’ medical data

Top 10 Countries Being Bombarded by Data Breaches – August 2023

• The Top 10 Countries Being Bombarded by Data Breaches

MOVEit – August 2023

• MOVEit hack spawned over 600 breaches
• PwC client hit in housing industry data hack

ChatGPT – July 2023

• ChatGPT data leaks most commonly involve source code: report

Victorian State Government – July 2023

• Prom camping chaos continues with data breach, say Nationals

myGov – July 2023

• ATO attackers filed $557 million in false claims | myGov accounts faked using breached identities
• Fraud Enabled by MyGov ‘Security Gap’ Costs Australian Taxpayers $500 Million

NDIS | HWL Ebsworth – July 2023

• The NDIA lists exposure to HWL Ebsworth data breach
• NDIS participants distressed after data caught up in HWL Ebsworth breach
• PWDA Addresses NDIS Data Breach Incident
• National Disability Insurance Scheme hit by law firm’s data breach | Individuals who engaged with the legal business could be affected
• PWDA Responds to NDIS Data Breach

Paypal – July 2023

• Byron Bay woman’s data breach nightmare exposes risks of ‘credential stuffing’. So how do you avoid it?

Department of Home Affairs – July 2023

• Home Affairs Inadvertently Leaks Personal Data of 50 Small Businesses

SA Liberal Party – July 2023

• Libs hack a mystery as cops probe ‘European gang’ theory

Parks Victoria – July 2023

• Parks Victoria online system crashes causing concerns of potential data breach

Notifiable Data Breaches Report July to December 2023

• This report captures notifications received under the NDB scheme from 1 July to 31 December 2023.

Perpetual – June 2023

• Perpetual security incident spreads; client data compromised

LG Energy Solution Australia & Solar Service Guys – June 2023

• LG Energy Solutions Australia and Solar Service Guys Respond to Data Breach Allegations

Australian Defence Force – June 2023

• Russian cyber hackers compromise top-secret defensive data in historic breach

SmartPay – June 2023

• SmartPay investigates data breach

PwC – June 2023

• PwC caught up in global data breach, ASX closes up on Woolworths and CSL gains — as it happened
• PwC victim of massive data hack

Port Arthur Library – June 2023

• Human error, not data breach, behind Port Arthur staff information appearing ‘live’ on library website

ACT Government – June 2023

• ACT government hit by cyber security breach

Fire Rescue Victoria – May 2023

• Fire Rescue Victoria’s cyber-hack response a ‘lesson in how not to communicate’

SuperVPN – May 2023

• A data breach on a free VPN service has led to 360 million records being exposed to the public, according to a new report.

NT Government – May 2023

• Thousands of identifiable NT patient health files sent to overseas-based software vendor in government data breach
• Patients told to contact NT Health following privacy breach of identifiable medical records

Toyota – May 2023

• Toyota confirms decade-long data breach
• Toyota Data Breach exposed 10 years’ worth of data for over 2m customers
• Toyota data breach: Millions of Japanese owners affected, Australia safe for now
• Toyota confirms some Australian owners affected in unprotected data event
• Toyota Australia customers victim of data breach
• Toyota does U-turn, confirms thousands of Australian customers hit by latest data breach
• Australian Toyota customers caught up in global data breach
• Toyota apologizes after additional data breach, expands investigation
• Toyota says some customers in Asia, Oceania face risk of data leak

Ambulance Victoria – May 2023

• Employee records exposed in Ambulance Victoria data breach
• Ambulance Victoria apologises after data leak
• Paramedics’ drug and alcohol history exposed in Victorian data breach

Medibank – May 2023

• Health care giant Medibank sued over data breach that affected 9.7m people
• Medibank hit with fresh class action after data hack
• Medibank’s staff details stolen after property manager faces cyber breach

HWL Ebsworth – May 2023

• HWL Ebsworth suffers data breach
• Russian-linked hackers taunt HWL Ebsworth over data breach, claim to have published files to dark web
• HWL Ebsworth data breach
• Tasmanian Government may be caught up in another data breach
• HWL Ebsworth data breach
• HWL Ebsworth data breach: Hackers claim huge data leak
• Ebsworth data breach

NAB Business & Consumer Insights – April 2023

• Cyber Security Attacks & Scams (April 2023)

Amnesty International Australia – April 2023

• Amnesty International Australia Suffered a Data Breach in December, but Says Everything is Now Fine

Optus – April 2023

• Optus data breach class action launched for millions of Australians caught up in cyber attack
• ‘Wake-up call for corporate Australia’: 100,000 people join Optus data breach class action
• Class action launched against Optus over 2022 data breach
• Optus sued by ‘vulnerable’ victims of data breach

Afterpay – April 2023

• Afterpay shareholders sue Dorsey’s Block for breach disclosure

Spruson and Ferguson – April 2023

• IPH reveals data breach originated from member firm
• IPH reveals data breach originated from subsidiary’s systems
• Australia’s IPH reveals data breach originated from member firm’s systems

Coles – April 2023

• Coles confirms its customers impacted by Latitude Financial data breach – ABC News
• Coles credit card customers exposed in Latitude data breach

Service NSW – April 2023

• Service NSW ‘technical issue’ may have exposed data of 3700 customers
• Service NSW breach exposes personal data affecting thousands of customers

MSI – April 2023

• MSI confirms cyber attack | Says “no significant” financial impact.

TAFE – April 2023

• TAFE data breach uncovered by SA Police | Credentials for 2224 students stolen

Tasmanian Government – March 2023

• Tasmanians affected by security breach of third-party file transfer service
• Tas gov says 16,000 documents leaked in GoAnywhere breach | Financial invoices and statements
• Major data breach in Tasmania exposes 16,000 documents online
• Names, addresses and bank account details potentially at risk after hack, Tasmanian government says
• Minister confirms 16,000 documents released online in Tasmanian data breach, helpline set up

Meriton – March 2023

• Hotel and property giant Meriton hit by data hack, personal documents may be at risk
• Bank details, birth certificates potentially hacked in Meriton data breach
• Private financial, health information exposed in Meriton data breach

Crown Resorts – March 2023

• Crown Resorts investigating potential data breach after being contacted by hacking group
• Crown Casinos investigates as ransomware group claims to have breached data

Canberra Health Services – March 2023

• Health worker sacked over ‘serious breach’ of patients’ privacy as ACT government investigates data misuse
• Private records of some Canberra Health Services patients ‘deliberately’ sent to industrial partner
• Explainer: What we know about the privacy breach at Canberra Health Services

iD Tech – March 2023

• Kids tech camp iD Tech still silent weeks after data breach

Rio Tinto – March 2023

• Rio Tinto says staff’s personal data may have been hacked in memo after an attack on GoAnywhere software
• Rio Tinto staff’s personal data, payslips may be affected by hack
• Rio Tinto’s Australian staff may have had personal data stolen in hack

QIMR Berghofer – March 2023

• Australia’s largest skin cancer study hit by data breach

Latitude – March 2023

• Latitude Financial warns customer data breach could widen and hack ‘remains active’
• Latitude Financial breach impacts 225,000 customers | Staff logins used to attack third-party service providers.
• Latitude customers are furious: some have had data hacked before through Medibank and Optus
• Latitude Financial Scrambles to Contain Large Data Breach
• Latitude Financial Hacked Impacting 328,000 Customers In Australia’s Latest Data Breach
• Latitude Financial hit by cyber attack, more than 300,000 identity documents stolen
• Latitude Financial data breach widens as fears over copies of driver’s licences grow
• If you have had your NSW driver licence details exposed in the Latitude Financial data breach you may need to replace your card

NSW Health – March 2023

• NSW Health has revealed itself to have been affected by the recent Frontier Software data breach

CBA – March 2023

• CBA hit by cyberattack in Indonesia

The Good Guys – February 2023

• The Good Guys warns of customer data leak | Breach of loyalty program in 2021.
• Historic data breach impacts up to 1.85 million The Good Guys customers
• The Good Guys customers possibly affected by data breach at former third-party provider My Rewards
• The Good Guys Says the Bad Guys Hacked Its Old Rewards System

Guardian Australia – February 2023

• Guardian Australia staff details compromised in cyberattack

JD Sports – February 2023

• Sports clothing retailer JD Sports hit by cyber attack which leaked 10 million customers’ data | The personal data includes names, email addresses, phone numbers and billing addresses.

GoTo – January 2023

• GoTo data breach saw encrypted backups taken

Mount Lilydale Mercy College – January 2023

• Mount Lilydale Mercy College caught up in data breach hack | Parents are being warned their credit card information may have been stolen over the school holidays.
• Hundreds of parents hit by credit card hack at Lilydale school
• More than 11,000 employees, students and former staff affected by cyber attack, QUT says

QUT – January 2023

• QUT confirms personal data of thousands of staff compromised in cyber attack
• QUT alerts staff, students to data breach – After December ransomware attack
• QUT attack breaches data of 11,405 individuals | Extent of Royal attack revealed.

PayPal – January 2023

• PayPal Latest To Suffer Massive Data Breach

Norton LifeLock – January 2023

• Norton LifeLock hit by data breach via password managers
• NortonLifeLock hit by data breach via password managers

Reference and Credit goes to Webber Insurance