Recent data breaches in Australia show the problem remains and that organisation
September 10, 2024 |
With amendments to the Privacy Act about to be introduced into the House of Representatives, or at least that is the expectation, it is worth listing the known significant data breaches in Australia in August>
Bloom Hearing
- Bloom Hearing Specialists, which operates hundreds of clinics around Australia, confirmed that a “threat actor” had stolen data from the audiologist’s network. The data includes medical and financial records of current, past and prospective patients as well as current and former employees and contractors. Bloom released a statement, Bloom Hearing confirms that the data includes medical and financial records of current, past and prospective patients as well as current and former employees and contractors.
Regent Caravans – August 2024
- Regent Caravans was hit by RansomHub, losing 30 gigabytes of data included a large amount of CAD files for the company’s caravans, ordering details, and a folder full of ID card photos of the company’s employees.
All Parks Insurance – August 2024
- All Parks Insurance, based in Wyong in NSW, was hit by the Meow ransomware gang, which claimed to have stolen 90 gigabytes of data.
Meli – August 2024
- The Qilin ransomware group claimed to have hit Meli and stolen 419,617 files totalling 215 gigabytes of data. Meli confirmed the attack.
Myelec Electrical Wholesalers – August 2024
- Myelec Electrical Wholesalers, based in Western Australia, was listed on Lynx’s ransomware list and dark web leak sites, alongside screenshots as proof of the breach. Lynx is playing it very cautiously confirming it was aware of the incident.
Engedi – August 2024
- Rhysida ransomware operation has attacked the Mackay-based disability support provider.
Adreno – August 2024
- Adreno, a on line dive store was attacked with stolen data including a large number of internal sales data for each customer, which appears to have come from a Shopify database, fields for customer ID, opt-in details for SMSes, loyalty reward programs, credit details, and even customers’ other interests
Evolution Mining – August 2024
- Australian’s Evolution Mining was hit by a cyber attack
FlightAware – August 2024
- The popular flight tracking application FlightAware was the subject of a cyber attack which exposed a swathe of personal information. The cause of breach was a configuration error.
Hudson Civil Engineering – August 2024
- RansomHub ransomware gang hacked the Launceston-based Hudson Civil Engineering.
Kempe Engineering – August 2024
- The RansomHub ransomware gang has hit the Geelong-based specialist engineering firm and successfully exfiltrated approximately 4TB of sensitive data, including financial records, customer data, all internal mail and proprietary business information. A demand for ransom was made.
Life360 – August 2024
- There has been a significant data breach of Life360, a family safety and location-sharing platform which has involved the loss of over 442,519 users. The attackers ere able to exploit a security flaw within the company’s API systems. The breach involved the release of names, phone numbers, and email addresseserns about the robustness of API security practices and the potential consequences for affected users
Western Sydney University – August 2024
-
Western Sydney University has suffered a data breach which involved personally identifiable information, including names, contact details, dates of birth, health information, sensitive information relating to workplace conduct and health and safety matters, government identification documents, tax file numbers, superannuation details and bank account information. The University notified approximately 7,500 impacted individuals. The breach was through its Microsoft Office 365 and Isilon.
Early Settler – August 2024
-
Early Settler confirmed it is the victim of a data breach exposing the names and contact details for sale on a popular hacking forum. The forum user posted the details of the breach on August 3, claiming to have the details of 1.1 million customers.
McDowall Affleck – August 2024
- Australian engineering firm McDowall Affleck confirmed it was the victim of a ransomware attack by RansomHub. RansomHub claimed to have taken a total of 470 gigabytes of data including: all blueprints and documents related to past and current projects, quota documents, insurance documents, tender and contract documents, client and partner information and personal information of employees.