The cyber attack, reported by Channel Nine as a variation of a ransomware attack, struck early Sunday morning, resulting in television and digital production systems being offline for more than 24 hours. The attack impaired Channel Nine’s ability to broadcast from its Sydney studios, forcing the media outlet to shift operations to its Melbourne studios.Read More
Intelligence experts KELA recently announced that almost 500,000 customer records of different car suppliers were being offered for sale on the dark web by hacking group “KelvinSecurity Team”.
According to reports, almost 400,000 UK based BMW customers’ data is being sold on the online black market. This data includes the initials and surnames of car owners, home addresses, email addresses, the names of dealerships and car-registration information. The data of Mercedes, SEAT, Honda and Hyundai car owners also form part of the compromised customer records.Read More
Further information surrounding the specific details and extent of the security breach suffered by transport and logistics network Toll, which we previously blogged in respect of, have been revealed by the Australian Financial Review.
The crippling ransomware attack, known now as “Mailto” or “Kazakavkovkiz” caused Toll to suspend many of its delivery and tracking systems with a Toll spokesperson indicating that the company needed to suspend up to 500 applications that supported its operations across 25 countries worldwide. In Australia, entities such as Nike, Optus, and Telstra were forced to address a multitude of customer complaints arising out of packages affected by the relevant cyber attack.Read More
We are living in an era of online shopping, where consumers are more willing to hand over personal information for goods and services, and are less suspicious of whom they are divulging their personal information to. As a result, online businesses are in possession of a vast amount of their customers’ personal information. The recent hack of Sneaker Platform Stock-X reminds us yet again of the importance of businesses maintaining comprehensive and up to date security processes, and in particular, the necessity of having an adequate data breach response plan in place.
Stock-X, a platform for the re-sale of sneakers and apparel, was recently hacked, exposing over six million users’ personal data, including their real name, username, password, shoe size and trading currency. According to a Report by TechCrunch, Stock-X’s initial response was to reset customer passwords, stating that it was due to system updates. A spokesperson for Stock-X later disclosed to TechCruch that Stock-X was alerted to “suspicious activity”. TechCrunch reports; however, an unnamed data breach seller had contacted it claiming more than 6.8 million records were stolen from Stock-X in May, and that the records had been put up for sale and sold on the dark web for $300.Read More
Online genealogy platform MyHeritage suffered a major data breach in which email addresses and hashed passwords of over 92 million users were leaked. The data breach occurred in October 2017, but was not discovered until 4 June 2018.
MyHeritage became aware of the breach after a security researcher found a file named “myheritage” on a private server. The file contained all the email addresses of MyHeritage users who signed up through to 26 October 2017, and their hashed passwords.
Up to 8000 clients of Family Planning New South Wales have been affected by a ransomware attack on the NGO’s website. No the sort of records people every want to see disclosed.
The website was hacked on ANZAC Day, with the personal information of clients who had contacted FPNSW in the past 2 and a half years compromised – including details such as names, contact details and reasons for enquiries.
In the US, several attempts at class actions for those affected by a data breach have failed challenges in early procedural stages. In Dieffenbach v. Barnes & Noble, Inc., 887 F.3d 826 (7th Cir. Apr. 11, 2018), the Seventh Circuit allowed a data breach class action to survive the pleadings stage. At the same time, the Court indicated that the plaintiffs may have a tough time proving their claims on the merits or establishing that class certification is warranted. At the end of the day, the Dieffenbach decision may prove to be less of a boon and more of a bust for plaintiffs in data breach class actions. Although it may provide a means to get into court, the decision makes clear that obtaining a favorable outcome may be a “difficult task.” For a full summary of the Dieffenbach decision please see our client alert here.
Russian hackers are accused of penetrating up to 400 Australian businesses in 2017 as part of an alleged state-sponsored cyber-espionage campaign, targeting millions of computers across the world.
The Australian government made the announcement in light of an extraordinary joint statement from the US and UK governments pointing a stern finger at Russia for sponsoring cyber-attacks on government, private organisations, critical infrastructure providers and internet services providers.