The cyber attack, reported by Channel Nine as a variation of a ransomware attack, struck early Sunday morning, resulting in television and digital production systems being offline for more than 24 hours. The attack impaired Channel Nine’s ability to broadcast from its Sydney studios, forcing the media outlet to shift operations to its Melbourne studios.Read More
As a result of a recent class action, the Department of Home Affairs has been ordered by the Australian Information Commissioner, Angelene Falk, to pay compensation to asylum seekers after the Department was found to have interfered with the privacy of 9,251 detainees.
According to a media release from the Office of the Australian Information Commissioner (OAIC) , the relevant breach stemmed from February 2014, where the Department published on its website a “Detention Report”, which had embedded within it a Microsoft Excel spreadsheet containing the personal information (including full names, date of birth and period of immigration detention) of 9,258 individuals who were in immigration detention at that time.Read More
The City of Port Phillip Council has accidentally published to data.gov.au personal information of an unknown number of residents who had reported graffiti, according to an article from ITNews supported by a statement released by the council.
According to the statement, during work to automate the generation of a graffiti dataset, an incorrect version was selected which led to the unapproved publication of personal information such as names, phone numbers and/or email addresses of the persons who reported graffiti to the council. As the article notes, of the approximately 764 email addresses and 859 phone numbers that were published, 53% of the email addresses belonged to businesses and 28% of the phone numbers were for landlines and 1300 numbers.Read More
Patients of a Finnish psychotherapy centre have become the victims of a blackmail campaign after the centre suffered a data breach. It is reported, the centre’s data was stolen during two attacks, one occurring in November 2018 and the other between the end of November 2018 and March 2019.
A cyber criminal (or criminals) has used the stolen data to contact patients demanding the payment of 200 euros in bitcoin, with this amount increasing to 500 euros if the patient refused to pay within 24 hours. If a patient refused to pay the ransom, the cyber criminal threatened to publish their personal information, including notes from therapy sessions. Around 300 records have been published on the dark web, which suggests patients are refusing to pay the ransom. The centre also received a ransom demand of 500,000 euros for the return of their data, which it has refused to pay.Read More
The UK Information Commissioner’s Office (ICO) has fined British Airways £20 million, the ICO’s largest fine to date, for failing to protect the personal and financial details of more than 400,000 of its customers.
In a statement published online on 16 October 2020, the ICO stated that its investigation had found that British Airways was “processing a significant amount of personal data without adequate security measures in place”. This failure is said to have breached data protection laws and, subsequently, the airline was the subject of a cyberattack in 2018, which was not detected for more than two months.Read More
Further information surrounding the specific details and extent of the security breach suffered by transport and logistics network Toll, which we previously blogged in respect of, have been revealed by the Australian Financial Review.
The crippling ransomware attack, known now as “Mailto” or “Kazakavkovkiz” caused Toll to suspend many of its delivery and tracking systems with a Toll spokesperson indicating that the company needed to suspend up to 500 applications that supported its operations across 25 countries worldwide. In Australia, entities such as Nike, Optus, and Telstra were forced to address a multitude of customer complaints arising out of packages affected by the relevant cyber attack.Read More
We have our first large scale data breach of the decade. Toll, a transport and logistics network which delivers up to 95 million items globally every year, has temporarily shut down a number of its IT systems as a precautionary measure after suffering a cyber-security breach on Friday, according to an article by the SMH.
A spokesperson has indicated that Toll has cybersecurity experts working closely with their IT team on the breach, and is taking careful internal measures so that systems can be brought back up online in a “controlled and secured manner”. Additionally, Toll has initiated business continuity plans to minimise the disturbance brought on by the breach. While any official numbers of affected customers and the exact nature and extent of the breach have not yet been released by Toll, The Register has reported that the breach has reportedly affected customers in Australia, India and the Philippines.Read More
A US federal judge has ruled that the 29 million Facebook users affected by the September 2018 data breach may not seek damages as a remedy, but can only pursue the enforcement of better security practices at Facebook, according to a report by Reuters. Judge Alsup of the US District Court stated that Facebook’s repetitive losses of users’ privacy indicated a long-term need for supervision, which comes in addition to prior judgment which indicated that Facebook’s views about user’s privacy expectations were “so wrong”.Read More