Data breaches in Australia for January 2024 … so far

January 28, 2024

It has been a busy start to the year for data breaches in Australia, going by January 2024 (so far). Eagers Automotive stopped trading in late December 2023, with notification of a cyber attack being given in early January. The LockBit 3.0 ransomware group claimed responsibility. A Melbourne travel agency, Inspiring Vacations, left its database without password protection. The database held 112,605 records relating to customers. Exposure of this kind usually involves poor configuration.

Iconic, an online retailer, had inadequate basic security measures to verify customer details, which put its 2.1 million customers at risk of being defrauded. And some were, according to Iconic. The hackers embarked on credential stuffing, using usernames and passwords stolen from one organisation to access client accounts on separate websites. This form of attack exploits the common online behavior of individuals reusing the same email and password combinations across multiple digital platforms. Iconic’s response was truly abysmal, initially denying it had suffered a data breach. Later Iconic promised to issue refunds to hacked customers. While Iconic’s volte-face was fairly rapid, it was a major mistake to deny what was obviously taking place.

Print music company Hal Leonard was hit by a ransomware attack by the Qilin ransomware gang. It gave Hal Leonard a week to pay a ransom. Hal Leonard has made no comment. Qilin has shared 37.6 gigabytes of Hal Leonard’s data.

On 23 January Nissan Oceania notified customers of a cyber attack. It is a very bare-bones notification, not even identifying when the attack was detected.

The Nissan statement provides:

The Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand (“Nissan”) is investigating a cyber incident that has impacted our systems.

We can confirm that an unauthorised third party illegally accessed some of Nissan’s local systems in Australia and New Zealand and that some of that data has been posted on the dark web.

Our external cyber forensic experts are urgently focused on completing their analysis to determine exactly what information was compromised so that we may notify affected individuals accordingly, and as soon as possible.

The Australian Cyber Security Centre and the New Zealand National Cyber Security Centre continue to assist us with our investigation.

We know this development may be concerning for our Australian and New Zealand customers and we apologise for any distress it has caused.

We are working as quickly as we can to complete our forensic analysis so that we can contact affected individuals as needed, and provide support and assistance where we can.

Regular updates will continue to be posted on the Nissan website. In the meantime, customers with any questions or concerns can contact our dedicated call centre on +61 3 9000 0814. This call centre will be staffed between 8:30am – 5:00pm AEDT weekdays (excluding public holidays).

We encourage everyone to continue taking steps to protect themselves against identity theft, scams or fraud, including:

    • Be vigilant for any unusual or suspicious online activity
    • Update your passwords for your online accounts
    • Enable multi-factor authentication for your online accounts where possible
    • Avoid clicking on any links or opening any suspicious emails or attachments
    • Contact IDCare, the Australian and NZ national identity and cyber support service: 
    • Report a scam in Australia by visiting Scamwatch at www.scamwatch.gov.au
    • Request a free credit report from a credit reporting body, if you are in Australia (Equifax, illion and Experian), or from a credit reporting agency if you are in New Zealand (Centrix, Equifax and illion) and check for any applications or requests that you did not make
