Tag: data hacks

1
500,000 car owner records found on dark web
2
Toll’d You So: Cyber Security Incident Cripples Toll’s Supply Lines, Causes Customer Backlash
3
Sorry Sir, Our Data Breach Response Plan is Out of Stock
4
Not so happy families: Online genealogy website suffers data breach
5
US Department of Homeland Security unveils five point strategy to combat cyber risk
6
Family Planning NSW the latest victim of cyber attacks
7
US Court signals that proving data breach class actions will be difficult
8
Russian-backed hacking targets Australian businesses
9
Was your Facebook data taken by Cambridge Analytica? Here’s how to find out
10
Travel-booking site Orbitz hit with major data breach

500,000 car owner records found on dark web

By Cameron Abbott and Keely O’Dowd

Intelligence experts KELA recently announced that almost 500,000 customer records of different car suppliers were being offered for sale on the dark web by hacking group “KelvinSecurity Team”.

According to reports, almost 400,000 UK based BMW customers’ data is being sold on the online black market. This data includes the initials and surnames of car owners, home addresses, email addresses, the names of dealerships and car-registration information. The data of Mercedes, SEAT, Honda and Hyundai car owners also form part of the compromised customer records.

Read More

Toll’d You So: Cyber Security Incident Cripples Toll’s Supply Lines, Causes Customer Backlash

By Cameron Abbott, Warwick Andersen and Max Evans

Further information surrounding the specific details and extent of the security breach suffered by transport and logistics network Toll, which we previously blogged in respect of, have been revealed by the Australian Financial Review.

The crippling ransomware attack, known now as “Mailto” or “Kazakavkovkiz” caused Toll to suspend many of its delivery and tracking systems with a Toll spokesperson indicating that the company needed to suspend up to 500 applications that supported its operations across 25 countries worldwide. In Australia, entities such as Nike, Optus, and Telstra were forced to address a multitude of customer complaints arising out of packages affected by the relevant cyber attack.

Read More

Sorry Sir, Our Data Breach Response Plan is Out of Stock

By Cameron Abbott, Michelle Aggromito and Max Evans

We are living in an era of online shopping, where consumers are more willing to hand over personal information for goods and services, and are less suspicious of whom they are divulging their personal information to. As a result, online businesses are in possession of a vast amount of their customers’ personal information. The recent hack of Sneaker Platform Stock-X reminds us yet again of the importance of businesses maintaining comprehensive and up to date security processes, and in particular, the necessity of having an adequate data breach response plan in place.

Stock-X, a platform for the re-sale of sneakers and apparel, was recently hacked, exposing over six million users’ personal data, including their real name, username, password, shoe size and trading currency. According to a Report by TechCrunch, Stock-X’s initial response was to reset customer passwords, stating that it was due to system updates. A spokesperson for Stock-X later disclosed to TechCruch that Stock-X was alerted to “suspicious activity”. TechCrunch reports; however, an unnamed data breach seller had contacted it claiming more than 6.8 million records were stolen from Stock-X in May, and that the records had been put up for sale and sold on the dark web for $300.

Read More

Not so happy families: Online genealogy website suffers data breach

By Cameron Abbott, Rob Pulham and Sarah Goegan

Online genealogy platform MyHeritage suffered a major data breach in which email addresses and hashed passwords of over 92 million users were leaked. The data breach occurred in October 2017, but was not discovered until 4 June 2018.

MyHeritage became aware of the breach after a security researcher found a file named “myheritage” on a private server. The file contained all the email addresses of MyHeritage users who signed up through to 26 October 2017, and their hashed passwords.

Read More

US Department of Homeland Security unveils five point strategy to combat cyber risk

By Cameron Abbott and Sarah Goegan

This week, the US Department of Homeland Security (DHS) released its Cybersecurity Strategy. The five “pillar” strategy will be executed by the DHS over the next five years, and aims to improve national cybersecurity risk management.

Read More

Family Planning NSW the latest victim of cyber attacks

By Cameron Abbott and Allison Wallace

Up to 8000 clients of Family Planning New South Wales have been affected by a ransomware attack on the NGO’s website. No the sort of records people every want to see disclosed.

The website was hacked on ANZAC Day, with the personal information of clients who had contacted FPNSW  in the past 2 and a half years compromised – including details such as names, contact details and reasons for enquiries.

 

Read More

US Court signals that proving data breach class actions will be difficult

By Andrew C. Glass, David D. Christensen, Cameron Abbott and Matthew N. Lowe

In the US, several attempts at class actions for those affected by a data breach have failed challenges in early procedural stages.  In Dieffenbach v. Barnes & Noble, Inc., 887 F.3d 826 (7th Cir. Apr. 11, 2018), the Seventh Circuit allowed a data breach class action to survive the pleadings stage.  At the same time, the Court indicated that the plaintiffs may have a tough time proving their claims on the merits or establishing that class certification is warranted.  At the end of the day, the Dieffenbach decision may prove to be less of a boon and more of a bust for plaintiffs in data breach class actions.  Although it may provide a means to get into court, the decision makes clear that obtaining a favorable outcome may be a “difficult task.”  For a full summary of the Dieffenbach decision please see our client alert here.

Russian-backed hacking targets Australian businesses

By Cameron Abbott, Allison Wallace and Sarah Goegan

Russian hackers are accused of penetrating up to 400 Australian businesses in 2017 as part of an alleged state-sponsored cyber-espionage campaign, targeting millions of computers across the world.

The Australian government made the announcement in light of an extraordinary joint statement from the US and UK governments pointing a stern finger at Russia for sponsoring cyber-attacks on government, private organisations, critical infrastructure providers and internet services providers.

Read More

Was your Facebook data taken by Cambridge Analytica? Here’s how to find out

By Cameron Abbott and Allison Wallace

Over the last few weeks we’ve been blogging about the data “sharing” scandal that has rocked Facebook, and has lead to a boycott of the popular social media site, and sent CEO Mark Zuckerberg to face the music on Capitol Hill.

In case you’d missed the story (which you can read about here, here and here), Facebook estimated 87 million people globally, including 300,000 Australians, had their data shared with Cambridge Analytica, a political consultancy firm used by US President Donald Trump in his 2016 election campaign.

Read More

Travel-booking site Orbitz hit with major data breach

By Cameron Abbott and Sarah Goegan

Travel-booking site Orbitz confirmed that it has suffered a major data security breach, in which details of up to 880,000 credit cards were compromised.

Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.