Tag: data breach

1
Toll’d You So: Cyber Security Incident Cripples Toll’s Supply Lines, Causes Customer Backlash
2
Taking its Toll: Toll Shuts Down IT Systems Citing Cyber-Security Incident
3
You Can’t Throw the (Face)Book at Them: Affected Users Unable to Pursue Damages Claim against Facebook
4
Double-Edged Sword: Cambridge Analytica Whistle-Blower exposes the dual nature of Technology
5
Could your ERP system make you a victim of cybercrime?
6
Hyp3r-misappropriation of data gets Instagram’s attention, but is enough being done?
7
Old-school thieving causes latest university data breach
8
Sorry Sir, Our Data Breach Response Plan is Out of Stock
9
Major privacy and security breaches confirmed this week: Westpac, the ANU and Princess Polly targeted
10
Surveillance software targets WhatsApp users

Toll’d You So: Cyber Security Incident Cripples Toll’s Supply Lines, Causes Customer Backlash

By Cameron Abbott, Warwick Andersen and Max Evans

Further information surrounding the specific details and extent of the security breach suffered by transport and logistics network Toll, which we previously blogged in respect of, have been revealed by the Australian Financial Review.

The crippling ransomware attack, known now as “Mailto” or “Kazakavkovkiz” caused Toll to suspend many of its delivery and tracking systems with a Toll spokesperson indicating that the company needed to suspend up to 500 applications that supported its operations across 25 countries worldwide. In Australia, entities such as Nike, Optus, and Telstra were forced to address a multitude of customer complaints arising out of packages affected by the relevant cyber attack.

Read More

Taking its Toll: Toll Shuts Down IT Systems Citing Cyber-Security Incident

By Cameron Abbott, Max Evans and Florence Fermanis

We have our first large scale data breach of the decade. Toll, a transport and logistics network which delivers up to 95 million items globally every year, has temporarily shut down a number of its IT systems as a precautionary measure after suffering a cyber-security breach on Friday, according to an article by the SMH.

A spokesperson has indicated that Toll has cybersecurity experts working closely with their IT team on the breach, and is taking careful internal measures so that systems can be brought back up online in a “controlled and secured manner”. Additionally, Toll has initiated business continuity plans to minimise the disturbance brought on by the breach. While any official numbers of affected customers and the exact nature and extent of the breach have not yet been released by Toll, The Register has reported that the breach has reportedly affected customers in Australia, India and the Philippines.

Read More

You Can’t Throw the (Face)Book at Them: Affected Users Unable to Pursue Damages Claim against Facebook

By Cameron Abbott, Max Evans and James Gray

A US federal judge has ruled that the 29 million Facebook users affected by the September 2018 data breach may not seek damages as a remedy, but can only pursue the enforcement of better security practices at Facebook, according to a report by Reuters. Judge Alsup of the US District Court stated that Facebook’s repetitive losses of users’ privacy indicated a long-term need for supervision, which comes in addition to prior judgment which indicated that Facebook’s views about user’s privacy expectations were “so wrong”.

Read More

Double-Edged Sword: Cambridge Analytica Whistle-Blower exposes the dual nature of Technology

By Cameron Abbott, Max Evans and James Gray

In his cautionary tale, 1984, author George Orwell spoke of a paradigm where the unregulated use of powerful technology, referred to as “telescreens”, manifested a society beholden to the ethics of the controller. This paradigm is perhaps more real than ever, according to an article by Reuters

By exploring the views of Cambridge Analytica whistle-blower Christopher Wylie, the article advises that the deep, multifaceted involvement of big tech companies in consumers’ lives, the ultimate dependence that arises from such involvement and the overwhelming vulnerability of such consumers renders tech companies “too big to fail”. Wylie argues that the vast imbalance of power and information in favour of these companies over users is resulting in a constant scrambling by regulators to control the rapid adoption of such technology forms.

Read More

Could your ERP system make you a victim of cybercrime?

By Cameron Abbott and Allison Wallace

We frequently blog here about incidents where companies, government agencies or public have suffered data or security breaches at the hands of hackers. They’re often incidents that come to light because they affect the public in some way – by shutting down hospitals, exposing sensitive personal information, or threatening government security. But what about hacks that, while not having wide-reaching public implications, go to the core of a business’ operations?

Read More

Hyp3r-misappropriation of data gets Instagram’s attention, but is enough being done?

By Cameron Abbott, Michelle Aggromito and Alyssia Totham

Until recently, a security vulnerability in the social media platform Instagram, allowed Hyp3r to illicitly harvest millions of Instagram users’ data and track their locations.

In a similar manner to the Cambridge Analytica scandal that plagued Facebook following the 2016 US presidential election, this latest example of Hyp3r’s mass data collection was discovered through a journalistic investigation and was not uncovered by the social media platform.

Read More

Old-school thieving causes latest university data breach

By Cameron Abbott and Alyssia Totham

Thirty years’ worth of student data from the University of Western Australia (UWA) has been stolen. Archaic and unconventional in the world of cyber security and data protection, this data breach resulted from the theft of laptops from the University. The number of laptops stolen and the number of students affected remains undisclosed by the University.

Read More

Sorry Sir, Our Data Breach Response Plan is Out of Stock

By Cameron Abbott, Michelle Aggromito and Max Evans

We are living in an era of online shopping, where consumers are more willing to hand over personal information for goods and services, and are less suspicious of whom they are divulging their personal information to. As a result, online businesses are in possession of a vast amount of their customers’ personal information. The recent hack of Sneaker Platform Stock-X reminds us yet again of the importance of businesses maintaining comprehensive and up to date security processes, and in particular, the necessity of having an adequate data breach response plan in place.

Stock-X, a platform for the re-sale of sneakers and apparel, was recently hacked, exposing over six million users’ personal data, including their real name, username, password, shoe size and trading currency. According to a Report by TechCrunch, Stock-X’s initial response was to reset customer passwords, stating that it was due to system updates. A spokesperson for Stock-X later disclosed to TechCruch that Stock-X was alerted to “suspicious activity”. TechCrunch reports; however, an unnamed data breach seller had contacted it claiming more than 6.8 million records were stolen from Stock-X in May, and that the records had been put up for sale and sold on the dark web for $300.

Read More

Major privacy and security breaches confirmed this week: Westpac, the ANU and Princess Polly targeted

By Cameron Abbott, Allison Wallace and Rebecca Gill

It’s been a chilly start to winter for three Australian organisations, who’ve this week reported major privacy and security breaches.

Up to 100,000 Australians’ personal information has been exposed in a hack affecting Westpac Bank. Westpac confirmed on Monday that details of Australian bank customers (not just those of Westpac) were exposed in a cyberattack on real time payments platform PayID. The banking giant says it noted a high volume of PayID lookups in 2019 on a semi-daily basis, which was a result of attackers trying to guess phone numbers, which, if guessed correctly, would give them the name of the account holder to which the number is linked. Despite the hack, Westpac says that no customer bank account details were compromised as a result of this cyberattack. Nevertheless, experts warn that the details accessed could still be used to commit fraud.

Read More

Surveillance software targets WhatsApp users

By Cameron Abbott, Rob Pulham and Michelle Aggromito

Unfortunately for all of us, Privacy Awareness Week doesn’t mean a chance to take a break from seemingly endless data breach notifications and social media vulnerabilities.

This week it’s WhatsApp’s turn, with reports that hackers, or as WhatsApp described as “an advanced cyber-actor”, have been able to remotely install surveillance software on phones and other devices of select targets, likely to be lawyers, journalists, activists and human rights defenders. The hackers were able to compromise the devices by using WhatsApp’s call function to ring the devices. The surveillance software was still installed even if the call was not picked up and the call reportedly would disappear from the compromised device’s call log. This means the malware could be installed without any action from the compromised user – and potentially without them even being able to determine that they had been compromised.

Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.