hacked – Cyber Law Watch

Sorry Sir, Our Data Breach Response Plan is Out of Stock

Aug 12 2019

By Cameron Abbott, Michelle Aggromito and Max Evans

We are living in an era of online shopping, where consumers are more willing to hand over personal information for goods and services, and are less suspicious of whom they are divulging their personal information to. As a result, online businesses are in possession of a vast amount of their customers’ personal information. The recent hack of Sneaker Platform Stock-X reminds us yet again of the importance of businesses maintaining comprehensive and up to date security processes, and in particular, the necessity of having an adequate data breach response plan in place.

Stock-X, a platform for the re-sale of sneakers and apparel, was recently hacked, exposing over six million users’ personal data, including their real name, username, password, shoe size and trading currency. According to a Report by TechCrunch, Stock-X’s initial response was to reset customer passwords, stating that it was due to system updates. A spokesperson for Stock-X later disclosed to TechCruch that Stock-X was alerted to “suspicious activity”. TechCrunch reports; however, an unnamed data breach seller had contacted it claiming more than 6.8 million records were stolen from Stock-X in May, and that the records had been put up for sale and sold on the dark web for $300.

Major privacy and security breaches confirmed this week: Westpac, the ANU and Princess Polly targeted

Jun 07 2019

By Cameron Abbott, Allison Wallace and Rebecca Gill

It’s been a chilly start to winter for three Australian organisations, who’ve this week reported major privacy and security breaches.

Up to 100,000 Australians’ personal information has been exposed in a hack affecting Westpac Bank. Westpac confirmed on Monday that details of Australian bank customers (not just those of Westpac) were exposed in a cyberattack on real time payments platform PayID. The banking giant says it noted a high volume of PayID lookups in 2019 on a semi-daily basis, which was a result of attackers trying to guess phone numbers, which, if guessed correctly, would give them the name of the account holder to which the number is linked. Despite the hack, Westpac says that no customer bank account details were compromised as a result of this cyberattack. Nevertheless, experts warn that the details accessed could still be used to commit fraud.

Family Planning NSW the latest victim of cyber attacks

May 16 2018

By Cameron Abbott and Allison Wallace

Up to 8000 clients of Family Planning New South Wales have been affected by a ransomware attack on the NGO’s website. No the sort of records people every want to see disclosed.

The website was hacked on ANZAC Day, with the personal information of clients who had contacted FPNSW in the past 2 and a half years compromised – including details such as names, contact details and reasons for enquiries.

Just one of 734: Australian defence contractor hacked

Oct 16 2017

By Cameron Abbott and Olivia Coburn

A hacker has breached the computer system of an unnamed defence contractor and stolen 30 gigabytes of data, including information on Australia’s $17 billion Joint Strike Fighter program.

The data breach, which the Australian Government publicly disclosed last week, also includes information about Australia’s $4 billion P-8 surveillance plane project, Collins Class submarines and the warships HMAS Canberra and HMAS Adelaide. The Government has emphasised that the stolen data is commercially sensitive but not classified.

The announcement coincides with the release of the Australian Cyber Security Centre’s 2017 Threat Report, available here, which reveals that the hack is among 734 cyber incidents affecting private sector systems of national interest and critical infrastructure providers.

Equifax data breach: 143 million records exposed but senior executives not told immediately?

Sep 12 2017

By Cameron Abbott and Olivia Coburn

Equifax has joined Yahoo on the podium for the award no one wants: suffering one of the largest data breaches in history.

Equifax, one of the three largest US credit reporting agencies, announced last week that it suffered a cybersecurity incident potentially impacting 143 million US consumers – a figure comprising of roughly 55 per cent of Americans aged 18 years or older. Some UK and Canadian residents are also affected.

Bitcoin operators exposed to cyber threats

Sep 01 2016

By Cameron Abbott and Rebecca Murray

Reuters has reported that a third of bitcoin trading platforms have been hacked, and nearly half have closed since they entered the scene 6 years ago. This increasing risk for bitcoin holders is compounded by the fact there is no depositor’s insurance to absorb the loss. That approach heightens cybersecurity risks and also exposes the fact that bitcoin investors have little choice but to do business with under-capitalized exchanges.

This issue was evident when Bitfinex was hacked earlier this month and an estimated $70 million in bitcoin was stolen. The virtual bank’s customers were forced to share the losses resulting in a generalized loss percentage of 36.067%. Read our blog post on this hacking here.

Experts say trading venues acting like banks such as Bitfinex will remain vulnerable. These exchanges act as custodial wallets in which they control users’ digital currencies like banks control customer deposits. However, unlike their brick-and-mortar counterparts, when customers’ bitcoin accounts are hacked, there is currently no third party that can step in to deal with the theft. As a result, these underfunded exchanges require nearly perfect security.

Given this it is not surprising that certain governments around the world are exploring the possibility of central bank issued digital currencies using distributed ledger technology which could compete with the private digital currency systems such as bitcoin. Read more on this here.

Hackers to take the blame for Census?

Aug 10 2016

By Cameron Abbott and Rebecca Murray

The Australian Bureau of Statistics (ABS) says that the 2016 online census form was subject to “four Denial of Service attacks,” which prompted the ABS to shut down its Census website as a security precaution on Tuesday night. Read the ABS’s media release here.

While the ABS maintains that 2 million forms were successfully submitted and safely stored, thousands of Australians were prevented from taking part in the Census due to the website crash. The ABS has revealed that it believes that the attacks came from overseas and were a deliberate attempt to sabotage the census. However, we are wondering if the entire Australian population accessing the website at the same time might look like a Denial of Service attack in its own right! If ever a system should have been robust enough to cope with such an attack it was this one.

Attorney-General George Brandis has stated that the security measures in place were “more than sufficient to protect individual privacy” and that “the cyber security operations centre has been engaged overnight…and is investigating the matter.”

Complex ModPOS Malware Infects Point-of-Sale Terminals in Lead up to Christmas Spend Frenzy

Nov 30 2015

By Cameron Abbott and Meg Aitken

While the festive season approaches and retailers prepare for their busiest time of the year, a sophisticated form of point-of-sale malware, known as ‘ModPOS’, has reared its ugly head and is targeting payment terminals in the U.S.

It is estimated that the first ModPOS data hacks occurred in 2013 and that millions of credit and debit cards used at a broad variety of U.S. retailers have since been compromised. The unique complexity of the code, which experts say has never been seen before in malware, made it tricky to decipher.

Cyber security experts have warned that ModPOS has the ability to not only “scrape” credit and debit card numbers from the memory of point-of-sale terminals, but that the multifaceted code also records keystrokes of computer operators and transmits stolen data. If that isn’t enough, the malware is particularly difficult to detect and is reportedly capable of infiltrating despite security software and data controls.

More details about ModPOS malware can be found here.

Hotel Industry Payment Systems Under Attack

Nov 26 2015

By Cameron Abbott and Meg Aitken

Stayed at one of Hilton Worldwide Holdings’ (Hilton) hotels between 18 November – 5 December 2014 or 21 April – 27 July 2015? Check your bank statement.

Within the same week, both the Hilton and Starwood Hotels & Resorts Worldwide Inc. (Starwood) have discovered the point-of-sale terminals at a number of hotels across the globe have been infected with malware.

The malicious malware has enabled hackers to pinch the credit and debit card information of Starwood and Hilton customers, however there is apparently no evidence that personal contact information provided as part of the hotels’ guest-reservation system or loyalty rewards program was stolen.

While the attack on Starwood was confined to 54 of its hotels in North America, the Hilton attack affected the chain’s hotels globally, including Australian establishments. The number of cards compromised has not been revealed by either hotel.

Starwood and Hilton hotels are not the only luxury hotel chains to be affected by data hacks in 2015. The Mandarin Oriental and Trump International have also reported data security breaches involving intrusive malware this year. In the case of Starwood the hack occurred over eight months without detection showing how sophisticated some of these attacks are.

Starwood’s media release can be found here. Hilton’s media release can be accessed here.

Malaysia Airlines Breach

Jan 28 2015

by Jim Bulling and Julia Baldi

Malaysia Airlines was hacked on 26 January 2015, with visitors to malaysiaairlines.com being confronted by an image of a lizard in a top hat, monocle and tuxedo. In addition, customer data appeared to have been leaked online.

See the Bank Info Security post about the breach here.

Tag:hacked