The Office of the Australian Information Commissioner (OAIC) has released its second quarterly report of notifiable data breaches. This report is of particular significance as it, unlike the first “quarterly” report, covers a full quarter and therefore depicts a more accurate account of data breaches over a calendar quarter.
Online genealogy platform MyHeritage suffered a major data breach in which email addresses and hashed passwords of over 92 million users were leaked. The data breach occurred in October 2017, but was not discovered until 4 June 2018.
MyHeritage became aware of the breach after a security researcher found a file named “myheritage” on a private server. The file contained all the email addresses of MyHeritage users who signed up through to 26 October 2017, and their hashed passwords.
PageUp, a leading HR software support company, has revealed it has fallen victim to a massive data breach, potentially compromising the personal details of thousands of Australians. Boasting over 2 million active users worldwide and counting a roll call of major Australian companies together with a number of government agencies as clients, the breach may be the largest since the introduction of mandatory data breach notification laws in February (which we blogged about here).
Up to 8000 clients of Family Planning New South Wales have been affected by a ransomware attack on the NGO’s website. Not the sort of records people ever want to see disclosed.
The website was hacked on ANZAC Day, with the personal information of clients who had contacted FPNSW in the past 2 and a half years compromised – including details such as names, contact details and reasons for enquiries.
In the US, several attempts at class actions for those affected by a data breach have failed challenges in early procedural stages. In Dieffenbach v. Barnes & Noble, Inc., 887 F.3d 826 (7th Cir. Apr. 11, 2018), the Seventh Circuit allowed a data breach class action to survive the pleadings stage. At the same time, the Court indicated that the plaintiffs may have a tough time proving their claims on the merits or establishing that class certification is warranted. At the end of the day, the Dieffenbach decision may prove to be less of a boon and more of a bust for plaintiffs in data breach class actions. Although it may provide a means to get into court, the decision makes clear that obtaining a favorable outcome may be a “difficult task.” For a full summary of the Dieffenbach decision please see our client alert here.
It’s been just over 6 weeks since the government’s notifiable data breach scheme came into force and the Office of the Australian Information Commissioner (OAIC) has revealed it has received 63 reports of data breaches since the scheme’s start date of February 22. The figure was released as part of the OAIC’s first quarterly report on the scheme.
This is somewhat of a stark contrast to the 114 voluntary notifications for data breaches received by the OAIC in the 2016-17 financial year, before the scheme was in place.
In another blow to embattled Facebook, British and US lawyers have launched a class action lawsuit against the social media giant, along with Cambridge Analytica and two other companies, for allegedly misusing the data of over 87 million people.