Breaches – Page 3 – Cyber Law Watch

A Home Affair: Department of Home Affairs ordered to compensate Asylum Seekers following inadvertent disclosure

Feb 08 2021

By Cameron Abbott, Warwick Andersen, Michelle Aggromito and Max Evans

As a result of a recent class action, the Department of Home Affairs has been ordered by the Australian Information Commissioner, Angelene Falk, to pay compensation to asylum seekers after the Department was found to have interfered with the privacy of 9,251 detainees.

According to a media release from the Office of the Australian Information Commissioner (OAIC) , the relevant breach stemmed from February 2014, where the Department published on its website a “Detention Report”, which had embedded within it a Microsoft Excel spreadsheet containing the personal information (including full names, date of birth and period of immigration detention) of 9,258 individuals who were in immigration detention at that time.

Nov 11 2020

By Cameron Abbott, Warwick Andersen and Max Evans

The City of Port Phillip Council has accidentally published to data.gov.au personal information of an unknown number of residents who had reported graffiti, according to an article from ITNews supported by a statement released by the council.

According to the statement, during work to automate the generation of a graffiti dataset, an incorrect version was selected which led to the unapproved publication of personal information such as names, phone numbers and/or email addresses of the persons who reported graffiti to the council. As the article notes, of the approximately 764 email addresses and 859 phone numbers that were published, 53% of the email addresses belonged to businesses and 28% of the phone numbers were for landlines and 1300 numbers.

Oct 27 2020

By Cameron Abbott and Keely O’Dowd

Patients of a Finnish psychotherapy centre have become the victims of a blackmail campaign after the centre suffered a data breach. It is reported, the centre’s data was stolen during two attacks, one occurring in November 2018 and the other between the end of November 2018 and March 2019.

A cyber criminal (or criminals) has used the stolen data to contact patients demanding the payment of 200 euros in bitcoin, with this amount increasing to 500 euros if the patient refused to pay within 24 hours. If a patient refused to pay the ransom, the cyber criminal threatened to publish their personal information, including notes from therapy sessions. Around 300 records have been published on the dark web, which suggests patients are refusing to pay the ransom. The centre also received a ransom demand of 500,000 euros for the return of their data, which it has refused to pay.

Oct 19 2020

By Cameron Abbott and Rebecca Gill

The UK Information Commissioner’s Office (ICO) has fined British Airways £20 million, the ICO’s largest fine to date, for failing to protect the personal and financial details of more than 400,000 of its customers.

In a statement published online on 16 October 2020, the ICO stated that its investigation had found that British Airways was “processing a significant amount of personal data without adequate security measures in place”. This failure is said to have breached data protection laws and, subsequently, the airline was the subject of a cyberattack in 2018, which was not detected for more than two months.

By Cameron Abbott, Keely O’Dowd and Max Evans

The Office of the Australian Information Commissioner (OAIC) has released its report on notifications received under the Notifiable Data Breaches scheme for period January to June 2020.

The OAIC reported 518 breaches were notified to it in the relevant period. The OAIC noted a 3% decrease from the 532 breaches notified in the period July 2019 to December 2019. However, there was a 16% increase on the 447 notifications received during January to June 2019.

Jul 17 2020

By Cameron Abbott, Warwick Andersen, Rob Pulham and Keely O’Dowd

Reports have surfaced that the Twitter accounts of prominent companies, politicians and celebrities were compromised on Wednesday, 15 July 2020. Hackers were able to gain large scale access to the Twitter accounts of several prominent and influential US personalities and companies to promote a cryptocurrency scam.

It is concerning that the accounts of prominent figures were targeted and compromised. Given the level of influence and prominence several of those individuals have on social media, the hackers had the potential to cause greater havoc. On this occasion, it appears the hackers were financially motivated to perform the cyber attack by seeking “donations” via Bitcoin. The hackers sent out tweets asking people to donate Bitcoin to an address and the Twitter account holder would double the donation.

Jul 10 2020

By Cameron Abbott and Keely O’Dowd

Intelligence experts KELA recently announced that almost 500,000 customer records of different car suppliers were being offered for sale on the dark web by hacking group “KelvinSecurity Team”.

According to reports, almost 400,000 UK based BMW customers’ data is being sold on the online black market. This data includes the initials and surnames of car owners, home addresses, email addresses, the names of dealerships and car-registration information. The data of Mercedes, SEAT, Honda and Hyundai car owners also form part of the compromised customer records.

Jul 07 2020

By Cameron Abbott and Keely O’Dowd

Woolworths recently paid a $1 million infringement notice and agreed to a court-enforceable undertaking with the Australian Communications and Media Authority (ACMA) in response to breaches of Australian Spam laws.

ACMA announced Woolworths had breached the Spam Act 2003 (Cth) (SPAM Act) more than five million times when it sent marketing emails to consumers after they had previously unsubscribed to Woolworths’ messages. ACMA’s investigation into Woolworths’ compliance with the SPAM Act revealed Woolworths’ systems, processes and practices were inadequate to comply with the Spam laws.

Jun 19 2020

By Cameron Abbott, Keely O’Dowd and Rebecca Gill

News reports have revealed that Lion Beer Australia has suffered a second cyberattack within a week of falling victim to a ransomware attack. While Lion continues to recover from the first cyberattack, it must now investigate, respond and recover from this second attack.

Today, Lion announced it had received reports of Lion document lists posted online in recent days. It is continuing to investigate if any data has been removed from its system. Lion has also advised relevant authorities and regulators of the first incident.

Jun 01 2020

By Cameron Abbott, Warwick Andersen, Rob Pulham, Michelle Aggromito and Rebecca Gill

It has been reported that hackers have accessed and stolen details of about 9 million customers of British airline easyJet. Approximately 2,208 easyJet customers have also had their credit card details accessed and stolen.

easyJet reported that it became aware of this “highly sophisticated” cyberattack in late January this year. After an investigation, the airline recently disclosed that the details accessed and stolen by the hackers included email addresses, travel information, and credit card data including CVV numbers.

Catagory:Breaches

A Home Affair: Department of Home Affairs ordered to compensate Asylum Seekers following inadvertent disclosure

Leaky Port: City of Port Phillip Inadvertently Discloses Personal Information on Federal Government Website

Therapy clients become targets of blackmail campaign

Cyber Criminals “King of the (Data Breach) Jungle”: 61% of all Data Breaches caused by Malicious or Criminal Attacks, according to OAIC Report

500,000 car owner records found on dark web

Woolworths hit with largest SPAM infringement to date

Under attack: Lion suffers second cyberattack and the Federal Government warns of an active cyberattack on Australian organisations