2018 - Data Breach Notifications in Australia

Commonwealth Bank – December 2018

• Commonwealth Bank customers’ medical data exposed in potential privacy breach – The Commonwealth Bank is urgently investigating a potential data breach that may have given its staff access to customers’ sensitive medical information.

Humble Bundle – December 2018

•  Humble Bundle Falls Victim To ‘Very Limited’ Data Breach [Updated] 

News Corp – December 2018

• News Corp’s email bungle a harsh lesson in data privacy

Marriott’s Hotels – December 2018

• Massive data breach at Marriott’s hotels exposes private data of 500,000 guests – A massive data breach has exposed the private data, including passport and credit card numbers, of half a million guests of the international hotel chain.
• Credit card info and passport details of 500 million Marriott guests stolen in mammoth data breach

Dell – November 2018

• Dell resets dell.com passwords after finding likely data breach – Computer manufacturer Dell has reset all passwords for accounts on its dell.com site, after it became aware on 9 November that an attempt to exfiltrate data was taking place.

Victoria’s Emergency Services – November 2018

• ‘Appalling’ emergency services data breach to be investigated – The state government will launch an immediate investigation into an “appalling” data breach that saw personal details of emergency services staff posted to the web.

Amazon – November 2018

• Amazon suffers data breach, but says little about it –Amazon delivered a nasty surprise on one of its busiest days of the year today after discovering it had “inadvertently” leaked customers’ personal information.
• Amazon suffers customer data breach hours before Black Friday
• Amazon is getting slammed for a confusing email telling some customers they don’t need to change their password after a data leak
• Amazon Is Offering Gift Cards To Customers Who Complain About Its Data Breach

PageUp People – November 2018 Update

• No evidence’ data stolen in compromise

Federal Group Hotel – November 2018

• Contact databases hit by ‘low risk’ data breach – A Tasmanian luxury hotel and casino group has told some guests their personal information may have been accessed by a third party after a “low risk” data breach saw contact databases affected.
• Data breach hits luxury hotels in Tasmania, with guest details at risk of theft by ‘third party’.

Under Armour’s MyFitnessPal App – November 2018

• Under Armour says 4 million Aussie accounts in data breach – 150 million impacted worldwide

Austal – October 2018

• Extortionists target Aussie defence shipbuilder after cyber security breach
  Australia’s biggest defence exporter has been targeted by extortionists who launched a successful cyber attack to breach the company’s data management systems.
• Shipbuilder’s information accessed and offered for sale.

Facebook – September 2018

• Security breach affects 50 million users – company logs off 90 million accounts as a precaution.
• Everything we know about Facebook’s data breach
• Forbes coverage of Facebooks massive data breach
• Facebook trims data breach to 29m users
• Facebook says it will message users affected following the theft of data from 29 million accounts to tell them what type of information has been accessed.

Perth Mint – September 2018

• Perth Mint revises data breach impact – thousands of customers now affected.

RCR Tomlinson Engineering – August 2018

• RCR Tomlinson sat on staff data breach for three months.

Strathmore Secondary College – August 2018

• Probe into Melb high school privacy breach – The education department is investigating a privacy breach resulting in the accidental publication of Melbourne high school students’ personal records.

Airport Security Identity Cards (ASICs) – July 2018

• Airport security card company reveals data hack as AFP investigates.

MY Health Record – July 2018

• Could be our worst government data breach yet.
• My Health record data breach.
• Privacy Commissioner poised to release delayed data breach report but My Health Record adopts a different definition

Townsville City Council [Typeform] – July 2018

• Online system used by Townsville City Council hacked exposing public’s personal details.  HACKERS may have obtained the personal details who entered an art competition run by Townsville City Council. The council confirmed it had been notified about a security breach on Typeform, a company it uses.

Timehop App – July 2018

• Social media memories app Timehop got hit by a data breach affecting 21 million users.
• Security Brief’s article on the Timehop hack
• PC Authority’s coverage on the Timehop data breach

Cairns council hit by data breach [Typeform] | July 2018

• Cairns Regional Council has confirmed two of its online surveys were impacted by data security breaches
• Cairns Council Apologies After Hackers Breach Forms

PEXA – National e-conveyancing platform – July 2018

• PEXA account compromise sees family lose home sale funds – Security team scanning logs for same pattern.

Australian National University – July 2018

• ANU network ‘significantly compromised’ by hackers – University has spent ‘months’ containing threat
  
• Chinese Hackers Breach ANU

Airtasker – July 2018

• Airtasker caught up in Typeform data breach – Jobs marketplace Airtasker has revealed a “small amount” of data it collected through web forms may have been compromised in the Typeform breach

Bakers Delight – July 2018

• Bakers Delight warns comp entrants after Typeform breach – latest Australian company to notify customers of potential exposure to the Typeform data breach.

Tasmanian Electoral Commission – July 2018

• Tasmanian voters caught in data breach – Express vote applicants impacted

Ticketmaster – June 2018

• Ticketmaster Australia admits customer details may have been stolen in hack.
• Musicfeeds Article
• Sydney Morning Herald Article

HealthEngine – June 2018

• HealthEngine reveals data breach – Patient feedback information ‘may’ have been accessed

Flightradar24 – June 2018

• Flightradar24 suffers security breach – Attackers hit single server – Popular flight tracking site Flightradar24 has suffered a security breach that “may” have compromised the email addresses and hashed passwords

PageUp People – June 2018

• PageUp People all but confirms personal data ‘accessed’ – Widely-used Australian cloud HR vendor

MyHeritage – June 2018

• MyHeritage breach leaks 92 million users’ details – A security breach at family networking and genealogy website leaked email addresses and hashed passwords of users

Family Planning NSW – May 2018

• Family Planning NSW hit by ransomware attack – may have compromised online databases.

Svitzer Australia – March 2018

• First data breach publicised under Australian notice scheme – Svizter reveals email leak

GoGet – January 2018

• GoGet reveals data breach as police arrest alleged hacker – Car Sharing Service – Customer data accessed

Reference and Credit goes to Webber Insurance