A data breach occurs when confidential, private, or other sensitive information is accessed without authorisation or is lost. A data breach can occur accidentally, or as a result of a deliberate attack.

O&G (Obstetrics and Gynaecology) – July 2025

• Adelaide women’s health clinic confirms cyber attack | Threat actors have launched a cyber attack on an Australian women’s healthcare centre, claiming to have exfiltrated sensitive patient data.

Qantas – July 2025

• Qantas has confirmed the theft of customer data in a cyberattack | Up to six million customers could be affected by call centre hack, names, email addresses, phone numbers, birth dates, and frequent flyer numbers inpacted.

Vertel – June 2025

• Aussie MSP Vertel confirms Space Bears ransomware attack | Hackers threaten to publish stolen data within days as leak site entry viewed more than 1,300 times.

Pressure Dynamics – June 2025

• WA-based Pressure Dynamics confirms DragonForce ransomware attack | Hackers have published more than 100 gigabytes of data exfiltrated from an Australian hydraulics company.

Skeggs Goldstien – June 2025

• Aussie financial services firm Skeggs Goldstien confirms Qilin ransomware attack | NSW-based financial services firm Skeggs Goldstien has confirmed it is investigating a cyber security incident after the company was listed on a ransomware leak site overnight.

3P Corporation – May 2025

• Melbourne-based 3P Corporation breached by Space Bears ransomware | Financial services aggregate 3P Corporation denies April data breach; however, more than 200 gigabytes of internal documents and customer data have been published online by hackers.

The Legal Practice Board of Western Australia – May 2025

• Legal Practice Board of Western Australia confirms Dire Wolf ransomware attack | “The Legal Practice Board (the board) is currently investigating a cyber incident which has resulted in some of its systems being taken offline, including the board’s online services,”

MKA Accountants – May 2025

• MKA Accountants confirms Qilin ransomware attack | A Victorian accounting firm has been listed as a ransomware victim, with internal documents posted to the dark web.

Australian Human Rights Commission (AHRC) – May 2025

• Personal information exposed by Australian Human Rights Commission data breach | More than 600 submissions to the AHRC were accidentally disclosed online between early April and May.

Watkins Steel – May 2025

• Aussie steel subcontractor Watkins Steel confirms Akira ransomware attack | The Akira ransomware operation has listed Australian firm Watkins Steel on its darknet leak site, claiming to have stolen 17 gigabytes of data in a ransomware attack.

Hertz – April 2025

• Hertz says customers’ personal data and driver’s licenses stolen in data breach | The rental company, which also owns the Dollar and Thrifty brands, said in notices on its website that the breach relates to a cyberattack on one of its vendors between October 2024 and December 2024.

The Fullerton Hotel Sydney – April 2025

• The Fullerton Hotels and Resorts confirms hack impacting The Fullerton Hotel Sydney | Passports and driver’s licences part of a 148-gigabyte data breach impacting luxury Sydney hotel.

Western Sydney University – April 2025

• 10k students impacted by new Western Sydney Uni data breach | Western Sydney University (WSU) is currently investigating a cyber incident after it detected unauthorised access affecting students earlier this year.

REST and AustralianSuper – April 2025

• Hackers target Aussie pensioners in major super fund cyber attack | REST and AustralianSuper are among some of the largest superannuation funds affected by what appears to be a co-ordinated cybersecurity attack on the industry that has cost members money.

Hexicor – April 2025

• KillSec claims ransomware attack on Qld IT services firm Hexicor | Hackers have shared screenshots of customer folders, digital certificates, and a list of hashed passwords and backup data.

13Cabs – April 2025

• 13cabs may have suffered a major data breach | Major Australian cab service 13cabs has published a notice detailing a potential cyber attack after it discovered unauthorised activity on its network.

Vroom by YouX – March 2025

• Thousands of Driver’s Licenses, Bank Documents & PII Exposed in Australian Fintech Data Breach | Cybersecurity Researcher, Jeremiah Fowler, discovered and reported a non-password-protected database belonging to Vroom by YouX — an Australia-based Fintech company that facilitates automotive financing.

• It was immediately reported to Vroom, and the database was restricted from public access and no longer accessible shortly after.

Sydney Tools – March 2025

• Sydney Tools exposes 34m customer records after leaving database unprotected | Major Australian hardware and DIY supply store Sydney Tools has exposed the data of its employees and customers after it left a database publicly accessible.

Department of Communities and Justice – March 2025

• Police investigating major breach on NSW government website | NSW Police are investigating a major breach on a secure online platform on a state government website, with thousands of court documents downloaded.

Australian TFE Hotels – March 2025

• Australian TFE Hotels group admits cyber attack recovery an ongoing process

Brydens Lawyers – March 2025

• Brydens Lawyers suffers alleged 600GB data breach following ransomware attack | Prominent Sydney law firm Brydens Lawyers reveals a serious cyber incident in the wake of a February intrusion into its network.

CISCAL – March 2025

• Aussie laboratory supplier CI Scientific listed by Lynx ransomware | The hackers claim to have stolen 81 gigabytes of data, including information related to human resources at the NSW-headquartered firm.

The Australian New Zealand Clinical Trials Registry (ANZCTR) – March 2025

• Australian clinical trials delayed after cyberattack takes down website for a week

Wendy Wu Tours – March 2025

• Sydney-based tour agency listed by KillSec ransomware gang | Hackers claim to have exfiltrated data – including scans of valid passports – from Australian company Wendy Wu Tours.

Zurich Insurance – March 2025

• Zurich Insurance suffers alleged data breach | A threat actor has claimed a cyber attack on insurance giant Zurich Insurance Group, allegedly having stolen sensitive company data.

Australian adult website – February 2025

• Aussie adult site confirms tens of thousands emails compromised in data leak | Hacker offers 94,000 lines of Australian XXX Reviews member emails for sale on a popular hacking site.

Riverina Medical and Dental Aboriginal Corporation – February 2025

• Aboriginal and Torres Strait Islander healthcare provider confirms cyber incident | Wagga Wagga-based Riverina Medical and Dental Aboriginal Corporation has said it is investigating a cyber incident that may involve personal data; however, the incident has been “contained”.

Pound Road Medical Centre – February 2025

• Hackers publish alleged patient data and CCTV footage following medical centre cyber incident

Genea Fertility – February 2025

• Major Australian IVF clinic has treatments delayed by cyber attack

Brown and Hurley – February 2025

• Lynx ransomware group claims hack of truck dealership Brown and Hurley | The Queensland-based company was listed on the gang’s darknet leak site earlier this month.

Albright Institute of Language and Business – February 2025

• Cyber attack on Australian education centre claimed by KillSec | Threat actors have claimed a cyber attack on an Australian private education institution, claiming to have stolen personal and business data.

Australian National University – February 2025

• Australian National University investigating alleged cyber attack

Regency Media – February 2025

• Akira claims cyber attack on closed Australian media company

Natures Organics – February 2025

• Natures Organics confirms Medusa ransomware attack | Hackers claim to have stolen passport and driver’s licence scans and other personal information from an Australian organic goods producer.

Clutch Industries – January 2025

• Australian automotive manufacturer hit by cyberattack

JB Hi Fi – January 2025

• Threat actor falsely claims leak of 12m JB Hi-Fi records
• BREAKING NEWS: JB Hi FI Denies Massive Cyber Attack Claim

Christian Community Aid – January 2025

• Space Bears ransomware gang claims hack of Christian Community Aid

Muswellbrook Shire Council – January 2025

• Muswellbrook Shire Council confirms December ransomware attack | Council warned of a cyber incident last month, but ransomware gang SafePay has since published 175 gigabytes of stolen data.

Unique Cars and Parts – January 2025

• RipperSec targets Australian rare car part website | Another Australian organisation has allegedly suffered a cyber incident at the hands of the RipperSec hacking group, which targeted the website of a car part website.

Novati Constructions – January 2025

• Lynx ransomware targets Australian construction company Novati | Hackers say they have stolen records of “contracts, financial data, [and] incidents” from a Sydney-based firm.

University of NSW – January 2025

• RipperSec claims cyber attack on UNSW physics website | The RipperSec hacking group has announced a cyber attack on a University of NSW website, continuing its ongoing campaign against Australia and a number of other nations.

DBG Health – January 2025

• Ransomware gang claims responsibility for August hack of DBG Health | Newcomer Morpheus says it was behind an August 2024 compromise of an Australian pharmaceuticals and healthcare firm, posting employee passport scans to the dark web as proof.

Globelink – January 2025

• Qilin ransomware operation claims hack of Aussie freight forwarder | The hacking group has said it has stolen almost 30,000 files from Globelink International following an alleged December hack.

Austin’s Financial Solutions – January 2025

• Kairos ransomware claims hack of Austin’s Financial Solutions | Hackers have stolen and published 147 gigabytes of data belonging to an NSW wealth management firm.

ARDEX Australia – January 2025

• ARDEX Australia cyber attack claimed by Medusa ransomware | The Medusa ransomware gang has claimed a cyber attack on an Australian tiling, flooring and waterproofing company.

Spectrum Medical Imaging – January 2025

• Sydney medical practice cyber incident claimed by INC Ransom

Evidn – January 2025

• Everest ransomware gang lists Aussie company Evidn as a victim | Hackers claim to have stolen 50 gigabytes from an applied behavioural science firm that works closely with the Queensland government.

Volkswagen – January 2025

• Almost 800k Volkswagen EV owners data exposed

SquareX – January 2025

• SquareX reveals critical breach of Cyberhaven extension | SquareX has revealed a critical browser security incident targeting Chrome Extension developers, leading to a major compromise of Cyberhaven’s browser extension.

MediSecure – January 2025

• Company at centre of data breach revealed

2024 in Numbers

• Who was hacked by whom, and what trends did we see emerge?

CellOPark – December 2024

• CellOPark responds to Brisbane council parking app data breach fears | Data breach fears after parking app’s bizarre emails

WACER & University of Sydney-Based Fresh Produce Safety Centre Australia & New Zealand – December 2024

• Funksec ransomware gang allegedly targets pair of Aussie companies | Ransomware operators share data stolen from a West Australian cleaning supplier and ANZ food safety not-for-profit, but the “leaks” are exceedingly minor.

Waverley Christian College – December 2024

• Waverley Christian College confirms cyber incident after ransomware gang claims attack | The Fog ransomware group claims to have stolen five gigabytes of data from the exclusive Victorian school.

Ainsworth Game Technology – December 2024

• Medusa claims 852.4GB of data stolen from Ainsworth Game Technology | The Medusa ransomware group has claimed a ransomware attack on an Australia-operated digital slots and gaming machine manufacturer.

Thanks for the Help (TFTH) – December 2024

• KillSec ransomware claims breach on Australian educational support platform | Threat actors have claimed a ransomware attack on Australian private educational support firm Thanks For the Help (TFTH).

Nicholsons Solicitors – December 2024

• Alleged hack on Qld firm exposes unprotected data | A ransomware gang claimed it has a raft of client documents that was left unprotected when a Queensland law firm closed its doors.

Equinox – November 2024

• Equinox discloses data breach involving health info of clients, staff

Amazon – November 2024

• Amazon says employee data impacted in third-party breach
• MOVEit vulnerability sees Amazon, McDonald’s, HSBC, and more employee data leaked

Coroners Court of Victoria and Tasmanian Chamber of Commerce and Industry – November 2024

• NoName targets at least 9 Australian organisations, Victorian Coroners Court confirms incident | The infamous NoName ransomware gang has claimed cyber attacks on a number of Australian organisations and government agencies.

Finsure – November 2024

• Aussie mortgage broker Finsure confirms ‘cyber incident’ impacting customers and brokers | Finsure has confirmed the incident after “almost 300,000 unique” alleged Finsure emails were added to the data leak website Have I Been Pwned.

Telstra – November 2024

• Alleged Telstra employee data listed for sale by threat actor | The threat actor claims to have the data of over 44,000 employees.

Snow Brand Australia- November 2024

• Snow Brand Australia confirms SafePay ransomware attack | The Australian arm of a Japanese dairy company confirms hack by a newcomer ransomware operation, limited employee data compromised.

ASIC/Waive – November 2024

• RansomHub hits ASIC compliance firm in alleged cyber attack | Notorious ransomware gang RansomHub has claimed an attack on the Australian Securities and Investments Commission (ASIC) compliance platform Waive.

ADT Freight Services – November 2024

• ADT Freight Services listed as alleged victim by Sarcoma ransomware gang

Micon Office National – November 2024

• Wollongong-based Micon Office National confirms ransomware attack

JewishCare – November 2024

• NSW healthcare provider JewishCare suffers comprehensive data breach

Followmont Transport – November 2024

• Followmont Transport confirms ‘unauthorised access to our systems’

Schneider Electric – November 2024

• Schneider Electric allegedly suffers second cyber attack, data published on X

CISCO – November 2024

• Cisco confirms cyber attack but says systems not breached

Goodline – November 2024

• Australian firm Goodline confirms RansomHub cyber attack | Australian engineering, construction and maintenance services company Goodline has confirmed with Cyber Daily that threat actors launched a cyber attack on its systems.

Nokia – November 2024

• Nokia source code allegedly stolen in third-party cyber attack

ANU Enterprise – November 2024

• Australian not-for-profit ANU Enterprise (ANUE) has confirmed a ransomware attack on its systems

Australian Nursing Home Foundation – November 2024

• 1.5TB allegedly stolen in Australian Nursing Home Foundation cyber attack

IBM – October 2024

• IBM staff data allegedly leaked in cyber attack | Threat actors claim to have accessed IBM’s network, exfiltrating employee data and publishing it on a popular threat forum.

Ultra Tune – October 2024

• Major Australian mechanic Ultra Tune suffers alleged cyber attack

NAB, Vodafone and Microsoft – October 2024

• NAB, Vodafone and Microsoft listed in alleged Cisco data breach | Threat actors have claimed a cyber attack on US technology multinational Cisco, claiming to have exfiltrated data belonging to a number of major organisations

The Plastic Bag Company – October 2024

• The Plastic Bag Company falls victim to Sarcoma ransomware attack

eVisa Indonesia – October 2024

• Passport details of Australians travelling to Bali exposed in e-visa glitch

The Internet Archive – October 2024

• Internet Archive down, claims ‘catastrophic’ data breach impacting 31m
• What is the Internet Archive, and what could a full-scale hack on its data mean?
• Internet Archive suffers third October cyber attack

Meshworks – October 2024

• Australian steel fabricator Meshworks suffers alleged Sarcoma ransomware attack | The Sarcoma ransomware gang has claimed to have breached the network of Australian steel fabricator Meshworks.

Western Sydney University – October 2024

• Western Sydney University suffers cyber attack, personal data compromised

MoneyGram – October 2024

• MoneyGram confirms data breach after major outage | Global transfer giant loses IDs, transaction details
• MoneyGram says hackers stole customers’ personal information and transaction data

Internet Archive – October 2024

• Internet Archive down, claims ‘catastrophic’ data breach impacting 31m

The Plastic Bag Company – October 2024

• The Plastic Bag Company falls victim to Sarcoma ransomware attack

Perfection Fresh – October 2024

• Aussie fresh produce company Perfection Fresh confirms ransomware attack

Qantas – October 2024

• Qantas customer passports at risk following frequent flyer cyber theft

Road Distribution Services – October 2024

• WA firm Road Distribution Services hit by Sarcoma ransomware

Strike Bowling – October 2024

• Aussie owner of Strike Bowling and other venues confirms ransomware attack

Deloitte – October 2024

• Deloitte internal communications allegedly leaked, firm says client data currently safe

Fortinet – September 2024

• Fortinet breach exposes 440GB of data; no ransom paid

Bloom Hearing Specialists – September 2024

• Tens of thousands hit by data breach to Bloom Hearing Specialists

I-MED – September 2024

• Data breach exposes tens of thousands of patient files using details shared online for a year

digiDirect – September 2024

• 304k customer records allegedly stolen from Australian camera and electronics store

Nikpol – September 2024

• RansomHub publishes data stolen from Aussie interior solutions firm Nikpol

Dell – September 2024

• Dell allegedly breached twice in 1 weekend

Temu – September 2024

• Temu denies 87m record data breach claims

Total Tools – September 2024

• 38,000 Total Tools shoppers compromised in data leak

Compass Group – September 2024

• Sydney-based Compass Group confirms Medusa ransomware attack

Power Diary – September 2024

• Patients sent spam emails in practice software breach

Fortinet – September 2024

• Fortinet suffers third-party data breach affecting Asia-Pacific customers
• PODCAST: Fortinet hacked, a data breach in New Zealand, and new privacy laws in Australia

BSG Australia – September 2024

• RansomHub claims Aussie fundraising outfit as alleged victim

Avis – September 2024

• Avis car rental suffers cyber attack affecting customer data

Protecta Australia – September 2024

• Protecta Australia allegedly hacked, database listed for sale

White Mountain Backpacks – September 2024

• Rhysida lists Aussie outfitter White Mountain Backpacks as ransomware victim

Swinburne University – September 2024

• Swinburne University confirms its Sarawak Campus has been hacked

Australian Cancer Research Foundation – September 2024

• Australian Cancer Research Foundation informs donors of ‘data security incident’

Bloom Hearing – August 2024

• National hearing services provider hit by ransomware attack

Regent Caravans – August 2024

• Melbourne-based Regent Caravans confirms RansomHub attack

All Parks Insurance – August 2024

• Australian specialist underwriting agency hit by alleged ransomware attack

Meli – August 2024

• Aussie not-for-profit community support service Meli confirms cyber attack

Myelec Electrical Wholesalers – August 2024

• Lynx ransomware claims attack on Australian electrical wholesaler

Engedi – August 2024

• Rhysida ransomware gang claims hack on disability support organisation Engedi

Adreno – August 2024

• Hacker claims successful hack of Adreno, the ‘world’s largest dive store’

Evolution Mining – August 2024

• Australia’s Evolution Mining targeted in latest cyber attack

FlightAware – August 2024

• Flight tracking service FlightAware warns users of ‘data security incident’

Hudson Civil Engineering – August 2024

• RansomHub claims hack on Aussie company Hudson Civil Engineering

Kempe Engineering – August 2024

• Victorian firm Kempe Engineering listed on RansomHub leak site

Life360 – August 2024

• Life360 breach exposes 442,000 users: experts warn of API vulnerabilities

Western Sydney University – August 2024

• Personal information accessed as part of WSU data breach
• Western Sydney University reveals full scope of January data breach
• Western Sydney University provides update on cyber breach that affected thousands
• ‘Outrageous’: Students fume over massive university data breach

Early Settler – August 2024

• Australian furniture retailer Early Settler confirms data breach

McDowall Affleck – August 2024

• Aussie engineering firm confirms RansomHub ransomware attack

Insula Group – July 2024

• Victorian IT services company Insula confirms BianLian ransomware attack

Wattle Range Council – July 2024

• South Australian council confirms LockBit ransomware attack

Healthed – July 2024

• Healthed data breach exposes personal details
• Healthed data breach exposes participant information

City of Ballarat/OracleCMS – July 2024

• Data security incident involving after-hours service provider

Roblox – July 2024

• Roblox third party suffers data breach, conference attendees affected
• Data Breach Exposes Roblox Creators’ Personal Info

Royal Brighton Yacht Club – July 2024

• Victoria’s Royal Brighton Yacht Club confirms Medusa ransomware attack

MediSecure – July 2024

• Company at centre of data breach revealed
• MediSecure confirms 12.9 million Australians impacted by May data breach
• MediSecure data breach affects about 12.9 million Australians
• MediSecure confirms 12.9m Australians impacted by May data breach

Optimum Allied Health – July 2024

• Cyber Incident Update
• Optimum Allied Health data breach

Harry Perkins Institute of Medical Research – July 2024

• Exclusive: 4TB of data allegedly leaked in Australian healthcare breach
• Medical research group Harry Perkins Institute investigates major cyber security breach

Evolve Bank & Trust – June 2024

• 7.6m impacted in Evolve breach, Wise customers affected

Team Viewer – June 2024

• TeamViewer detects data breach as researchers attribute it to APT29

Yarra Council – June 2024

• Yarra council in ‘serious’ double data breach after online leak

Levi’s Strauss & Co – June 2024

• Levi’s customers have pockets picked as cyber attack affects 72,000

Hey You – June 2024

• Exclusive: Aussie order-ahead app Hey You hit by an alleged data breach affecting more than 100k

Victorian Auditor-General’s Office – June 2024

• Vic gov supplier bank details altered in cyber attacks

North Coast Petroleum – June 2024

• Exclusive: Medusa claims hack of Aussie fuel distributor North Coast Petroleum

Victoria Racing Club – June 2024

• Exclusive: Medusa ransomware gang demands US$700k payment from Victoria Racing Club

Northern Minerals – June 2024

• Second Australian rare-earth mineral company targeted in cyber attack

Legrand CRM – June 2024

• Hunters International claims attack on Australian CRM provider

City of Moreton Bay – June 2024

• City of Moreton Bay council launches investigation as private ratepayer information leaked online

Patties Food – June 2024

• Op-Ed: Patties Foods’ ‘data leak’ proves cyber reporting needs to do better

Victorian Freight Specialists – June 2024

• Victorian Freight Specialists suffers alleged 800+GB data breach

Panasonic Australia – June 2024

• Panasonic Australia confirms cyber incident following Akira ransomware claim

Northern Minerals – June 2024

• Aussie rare-earth metals producer Northern Minerals confirms ransomware attack

Ticketek – May 2024

• Ticketek discloses cyber incident on external cloud platform

Shell – May 2024

• Aussies affected in alleged Shell fuel data breach

Ticketmaster / Live Nation – May 2024

• Hackers claim Ticketmaster/Live Nation data breach, more than 500m compromised
• Live Nation probing Ticketmaster hack

Advance Press – May 2024

• Aussie printing company suffers alleged 300Gb data breach

Nissan Oceani | OracleCMS – May 2024

• Nissan A/NZ’s outsourced cyber incident call centre breached

MediSecure – May 2024

• OAIC releases statement on MediSecure data breach

Western Sydney University (WSU) – May 2024

• Western Sydney University discloses data breach, 7,500 ‘impacted individuals’ notified

XM Group – May 2024

• Sydney investment firm suffers alleged data breach affecting more than 400k customers

Architects Accreditation Council of Australia (AACA) – May 2024

• OAIC Incident Closure – Third-Party Data Breach

Unnamed Australian Healthcare Organisation – May 2024

• NCSC warns of “large-scale ransomware data breach incident” at Australian healthcare org

SUMO – May 2024

• Exclusive: Australian energy and internet provider Sumo confirms customer data breach

Dell Computers – May 2024

• Dell warns of data breach affecting 49m customers

Monash Health – May 2024

• Monash Health caught up in ZircoDATA ransomware data breach

Clubs NSW – May 2024

• Cybercrime detectives investigating potential data breach affecting more than 1 million NSW clubs and Merivale customers
• Data & Privacy Breach: 18 NSW Club’s Sign-In Data Exposed – Possibly 1 Million People Affected
• Data breach: More than one million Aussies who visited ClubsNSW venues at risk of identity theft

Data Breach Tsunami Hits Australia

• Records shatter with 388% spike in Q1 2024

Qantas – May 2024

• Qantas breach exposes customer booking details
• Qantas investigating reports customers have access to other passengers’ information on app
• Qantas customers report privacy breach on airline’s app

SSS Australia – April 2024

• SSS Australia falls victim to Hunters International ransomware gang

Mt Hira College – April 2024

• Mt Hira College suffers alleged student email data breach

Ambulance Victoria – April 2024

• Paramedics’ mobile numbers ‘exposed’ in data breach

Firstmac – April 2024

• Firstmac hackers claim tax file numbers

Aussizz Group – April 2024

• Aussizz Group data breach
• Aussizz Group Data Breach

OracleCMS – April 2024

• Huge trove of Australian client data leaked following OracleCMS call centre hack
• Vic councils’ after-hours call answering service breached
• Victorian councils’ call service affected by OracleCMS breach

Smoke Alarm Solutions – April 2024

• Homeowners urged to be vigilant for scams after ‘shocking’ data breach at major smoke alarm provider
• Australians ‘exposed’ in smoke alarm service provider data breach: report

DJI – April 2024

• DJI suffers alleged data breach at the hands of R00TK1T

Pandemonium Rocks – April 2024

• Data breach rocks troubled Pandemonium Rocks music festival
• Pandemonium Rocks Music festival hit by new blow as more than 400 ticket holders caught up in data breach

Telstra Opticomm – April 2024

• Telstra Opticomm customer data exposed in leaked file

BHF Couriers – April 2024

• BHF Couriers denies credit card data breach

Roku – April 2024

• Roku suffered another data breach, this time affecting 576,000 accounts

Herron Todd White – April 2024

• Valuation firm HTW suspended by banks after data breach
• HTW employee details may have been compromised in valuer data breach

Suncorp Bank – April 2024

• Suncorp’s bank suffers breach, customer funds stolen

Diabetes WA – April 2024

• Diabetes WA reveals data breach
• Diabetes WA is the latest hacked Australian healthcare organisation

Motorcycle Holdings – April 2024

• Australian motorcycle distributor sees websites breached
• Cyber attack knocks the kickstand out from ASX-listed motorcycle distributor

Aussizz Group – April 2024

• 300GB allegedly stolen from Australian immigration consultancy

Nova Employment – March 2024

• Nova Employment is a non-profit organization that provides training, support, and placements to individuals with disabilities.

Vans – March 2024

• Vans warns customers of scammers following ALPHV data breach

Fujitsu – March 2024

• Tech giant Fujitsu says it was hacked, warns of data breach

IMF – March 2024

• IMF investigates data breach affecting email accounts | The International Monetary Fund (IMF) has disclosed a cyber incident it discovered last month, in which a number of its email accounts were breached.

McDonald’s – March 2024

• McDonald’s denies cyber attack was cause of global outage

ACT Container Deposit Scheme – March 2024

• Hackers attempt to transfer money from ACT’s container deposit scheme again, in a repeat of a similar attempt in January 2023.

OAIC Notifiable Data Breaches Report – March 2024

• What the latest OAIC Notifiable Data Breaches Report means for you

American Express – March 2024

• Customers exposed in third-party breach | American Express customers are being notified that their account information may have been exposed after a third party suffered a data breach.

Royal Australian College of General Practitioners – March 2024

• Phone numbers, education details stolen in RACGP cyber security breach

Nissan – March 2024

• Nissan contacting 100,000 A/NZ customers after December breach

GaP Solutions – March 2024

• GaP Solutions bit by LockBit ransomware attack | The Australian retail software vendor responds to cyber attack from resurrected ransomware gang.

HVD.HOST – March 2024

• Raft of Australian companies compromised in hosting service hack | The Black Basta ransomware gang has posted details of a hack affecting nearly a dozen Australian organisations.

ZircoDATA – February 2024

• Important Update From ZircoDATA – Cyber Matter

Epic Games – February 2024

• Fortnite game developer Epic Games allegedly hacked | A ransomware gang claims to have nearly 200 gigabytes of internal data, but Epic Games says there is no evidence of any compromise.
• Epic Games ‘hacker’ Mogilevich admits it was a scam operation

The Department of Communities – February 2024

• Whistleblower reveals Department of Communities’ failure to revoke credit card access for ex-employees

Hacker offers the personal details of 25m Aussies for sale – February 2024

• Hacker offers the personal details of 25m Aussies for sale

Microsoft – February 2024

• Microsoft patches 80 vulnerabilities | Two bugs under exploit, plus other critical patches

Microsoft Azure – February 2024

• Senior executives affected in largest observed Microsoft Azure data breach | A Microsoft Azure cloud takeover campaign has resulted in the largest data breach ever seen by the platform, compromising hundreds of accounts, including those of executives, according to a new report.

Villis Bakery – February 2024

• Hackers target iconic South Australian company Vili’s Family Bakery

Tangerine Telecom – February 2024

• Tangerine Telecom says customer data of 232,000 affected by ‘cyber incident’
• 232,000 customers exposed in Tangerine security breach
• Internet provider Tangerine suffers cyberattack
• CBA-owned Tangerine Telecom in mass data breach

Kadac Australia – February 2024

• Kadac Australia hit by Medusa ransomware attack, threat group demands $100k

Balmain – February 2024

• Lender’s website down 10 days after major hack

Australian Human Resources Institute – February 2024

• Australian Human Resources Institute warns customers of cyber attack | AHRI has sent out emails warning of malware that could have been spreading fake browser updates

AnyDesk – February 2024

• AnyDesk resets passwords after breach
• AnyDesk Hit by Cyberattack That Targeted Production Systems
• AnyDesk revokes signing certs, portal passwords after crooks sneak into systems
• AnyDesk says hackers breached its production servers, reset passwords
• AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web

Elite Supplements – February 2024

• Customer data stolen in major Australian supplement brand cyber attack

Cloudflare – February 2024

• Cloudflare server breached using old credentials from previous attack

Europcar – February 2024

• Europcar denies alleged data breach affecting 50m

Central Coast Council – February 2024

• Central Coast Council cyber attack could affect people nationwide

Football Australia – February 2024

• Personal data exposed in Football Australia data leak after database left accessible

Canberra Medical Centre – January 2024

• Patient data hacked at Canberra medical centre

LinkedIn, Adobe, Twitter and More – January 2024

• 26bn records exposed in largest data leak of all time: LinkedIn, Adobe, Twitter and more affected

Quantum Radiology – January 2024

• Hacked Sydney radiologist instructs staff to tell customers hack was a technical fault

Nissan Australia – January 2024

• The Australian and New Zealand Nissan Corporation and Financial Services (“Nissan”) is currently managing a cyber incident. Here is the latest information on our incident response.

Hal Leonard Australia – January 2024

• Print music giant Hal Leonard Australia falls victim to Qilin ransomware

Binge, Dan Murphys, Guzman y Gomez, The Iconic -January 2024

• Hackers target Binge, The Iconic, Dan Murphy’s customers following Australian data breaches
• Guzman y Gomez, Dan Murphy’s customers affected in credential stuffing campaign

Labour – January 2024

• Labor hit by major government data breach, millions of files stolen from key departments

The Iconic – January 2024

• The Iconic responds to hacking claims, promising refunds to customers
• The Iconic promises to issue refunds to hacked customers
• The Iconic And A Melb Travel Agency Become Target Of Cyber Hacks Impacting 1000s Of Aussies
• The Iconic denies responsibility for data breach
• The Iconic was hit by criminals taking money by ‘credential stuffing’. How can you stay safe?

Inspiring Vacations – January 2024

• Australian travel agency exposes customer data after leaving database publicly accessible
• Passports, travel documents exposed in data breach
• Inspiring Vacations Hit by Significant Data Breach: 112,000 Travelers Affected
• Australian travel agency hit by data breach, leaking passport and travel details of thousands of customers
• Personal information of more than 112,000 people exposed in data breach
• Australian travel agency exposes customer data after leaving database publicly accessible

Court Services Australia – January 2024

• Victorian court systems allegedly breached by Qilin ransomware gang | Victoria’s courts have been hit by a cyber attack allegedly at the hands of Russia-based hackers.
• Hackers hit Victoria’s court recording database

Yakult Australia – January 2024

• Yakult Australia confirms cyber incident | Investigating extent of system and data access by threat actor.

Eagers Automotive – January 2024

• Eager Automotive halts trading following cyber attack | Australian vehicle dealership giant Eagers Automotive has announced that it suffered a systems outage as a result of a cyber attack.
• Customers warned after major car dealership group Eagers Automotive hacked
• LockBit 3.0 Claims Attack on Australian Auto Dealer Eagers
• Eagers Auto says outsiders accessed data from IT servers
• Eagers Automotive finds unauthorised access to parts of IT systems

23andMe – December 2023

• The 23andMe Data Breach Keeps Spiraling | 23andMe has provided more information about the scope and scale of its recent breach, but with these details come more unanswered questions.
• Genetic testing firm 23andMe admits hackers accessed DNA data of 7m users | US company says ‘threat actor’ responsible for security breach that affected nearly half of its 14m reported users
• 23andMe confirms hackers stole ancestry data on 6.9 million users
• 23andMe Blames Data Breach Victims For Weak Passwords

NSW Eastern Suburb Libraries – December 2023

• Woollahra Council, Double Bay, Paddington and Watsons Bay | Thousands of residents in affluent Sydney suburbs affected by cyberattack

Yakult Australia – December 2023

• Yakult Australia targeted in cyber attack, employee files published on dark web

TikTok – December 2023

• TikTok Data Breaches: Full Timeline Through 2023
• TikTok privacy breach allegations under spotlight

St Vincent’s Health – December 2023

• St Vincent’s Health network hit by cyber attack, with data stolen
• St Vincent’s Health says data stolen in cyber attack
• Data stolen in hack on national health provider St Vincent’s
• Revealed: St Vincent’s hackers got in with compromised accounts
• St Vincent’s cyberattack work of sophisticated criminals, say investigators
• St Vincent’s Health suffers data breach in cyber attack
• Media Statement – Cyber incident update
• Revealed: St Vincent’s hackers got in with compromised accounts
• St Vincent’s Health Australia warns cyber attack forensics could “take some time”

Melbourne Arts Centre – December 2023

• Cyber Incident – Data Breach

Qld Rural Fire Service – December 2023

• Former QFES contractor investigated over alleged Rural Fire Service information breach

University of Wollongong – December 2023

• University of Wollongong discloses data breach

ASIC – December 2023

• ASIC experiences four error-caused data breaches since start of 2022

The Department for Child Protection said Aboriginal Family Support Services (AFSS) – December 2023

• Aboriginal child protection service contracted by SA government hit by data breach

Top Health Doctors West End – December 2023

• Clinic’s data breach a reminder to bolster security | The personal details of more than 5000 patients may have been ‘compromised’ after a Brisbane medical centre’s email account was breached.

Certis Security Australia – November 2023

• Certis Security Australia suffers email breach | Customers not affected.
• Okta’s data breach bigger than first thought – All customer service contact details leaked.

Australian Clinical Labs – November 2023

• Sexual health and fertility details leaked in ACL data breach

NDIA – November 2023

• NDIA detects data breach | The National Disability Insurance Agency (NDIA) has detected a data breach involving the alleged unauthorised disclosure of the personal details of some National Disability Insurance Scheme (NDIS) participants and related parties.
• Two charged following fraud investigations

Samsung – November 2023

• Samsung says hackers accessed customer data during year-long breach

Australian Signals Directorate’s 2022/23 Cyber Threat Report – November 2023

• ASD Cyber Threat Report 2022-2023

DP World – November 2023

• Fears of significant delays after ‘cyber security incident’ shuts down major port operator
• Australian ports operator suffers ‘cyber security incident’
• Ports to remain closed as AFP investigates cybersecurity breach
• Australian Government Monitors Significant Stevedore Cyber Attack
• DP World Australia back online after cyber incident
• Australian port operator DP World hit by cyber attack | Movement of goods now slowly resuming.

TissuPath – November 2023

• TissuPath data breach victim upset by delayed notification

Alfred Health – November 2023

• HIV patient ‘stunned’ after his medical record accessed in Alfred data breach
• The Alfred CEO ‘can’t guarantee’ alarming data breach is an isolated incident

Digital Patient Pathways – October 2023

• SA patient health info deleted in third-party app breach

Personify Care – October 2023

• Details of thousands of patients have been accessed in a data breach | SA Health patients caught up in data breach of third-party platform Personify Care
• SA Health patient records accessed in data breach of third-party system Personify Care

Super SA – October 2023

• Super SA discloses third-party data breach

Royal Women’s Hospital Parkville – October 2023

• Personal data of almost 200 patients exposed in hack of Melbourne hospital staff member’s email

Sony – October 2023

• A ransomware group is claiming they’ve breached Sony’s systems and stolen data [updated]
• Over 6,000 individuals hit in Sony data breach: reports

Network Pacific Real Estate – October 2023

• Ransomware gang posts 30GB of data it claims belongs to Victorian real estate group

HWL Ebsworth – September 2023

• Scale of HWL Ebsworth hack revealed: 2.5m files, 65 agencies
• HWL Ebsworth says ‘business as usual’ after hack
• RBA, AFP, AusPost caught up in law firm hack | List of affected government entities finally revealed.
• Albanese government loses national security information in data hack
• Full list of government agencies affected by HWL Ebsworth hack revealed

Pizza Hut – September 2023

• Pizza Hut says customer data breached in cyber hack
• Pizza Hut Australia customers’ personal details accessed in cyber attack
• Pizza Hut Customers Compromised in Australian Data Breach
• Pizza Hut says nearly two-hundred thousand customers affected by data breach
• Pizza Hut hacked, customer data and orders taken
• Pizza Hut warns customers of possible data breach
• Pizza Hut Australia joins data breaches list | Compromised details were not on the fast food menu

Australian Federal Police, HWL Ebsworth – September 2023

• Federal police caught up in huge law firm data breach
• AFP officer data leaked in cyber breach

Dymocks – September 2023

• Dymocks customer data ‘may have been compromised’
• Dymocks warns customers of data breach after account information leaked on dark web
• Dymocks book store chain warns customer data compromised in security breach
• Dymocks discloses breach after dark web data leak
• 1.2 million customers caught up in Dymocks hack | Names, addresses, and dates of birth breached
• Dymocks confirms details of 1.2 million customers shared on dark web in data breach
• Dymocks links data breach to “external data partner”
• Dymocks CEO Outlines Details of Data Breach
• Dymocks breach happened while changing providers | Says it will only store the ‘bare minimum’ data in future

University of Sydney – August 2023

• University of Sydney caught up in third-party data breach
• Cyber incident

American Express – August 2023

• American Express confirms data leak of APAC employee details

Pareto Phone – August 2023

• Multiple Australian charities have had donor information leaked onto the dark web
• Australian Conservation Foundation says data of 13,500 donors caught up in Pareto Phone hack
• Charity donor details leaked to dark web after Pareto Phone breach
• Amnesty International latest victim of widening telemarketer breach
• Thousands of charity donors have data leaked on dark web after telemarketer hack

auDA – August 2023

• Hackers claim to have breached auDA | Domain administrator investigating

Tesla – August 2023

• Tesla says two ex-employees behind May data breach
• Tesla blames 2 former staff for data breach affecting 75k

Judo Bank & REX – August 2023

• Judo Bank and REX company caught in data breach

Department of Veterans’ Affairs – August 2023

• Government shared veterans’ medical data

Top 10 Countries Being Bombarded by Data Breaches – August 2023

• The Top 10 Countries Being Bombarded by Data Breaches

MOVEit – August 2023

• MOVEit hack spawned over 600 breaches
• PwC client hit in housing industry data hack

ChatGPT – July 2023

• ChatGPT data leaks most commonly involve source code: report

Victorian State Government – July 2023

• Prom camping chaos continues with data breach, say Nationals

myGov – July 2023

• ATO attackers filed $557 million in false claims | myGov accounts faked using breached identities
• Fraud Enabled by MyGov ‘Security Gap’ Costs Australian Taxpayers $500 Million

NDIS | HWL Ebsworth – July 2023

• The NDIA lists exposure to HWL Ebsworth data breach
• NDIS participants distressed after data caught up in HWL Ebsworth breach
• PWDA Addresses NDIS Data Breach Incident
• National Disability Insurance Scheme hit by law firm’s data breach | Individuals who engaged with the legal business could be affected
• PWDA Responds to NDIS Data Breach

Paypal – July 2023

• Byron Bay woman’s data breach nightmare exposes risks of ‘credential stuffing’. So how do you avoid it?

Department of Home Affairs – July 2023

• Home Affairs Inadvertently Leaks Personal Data of 50 Small Businesses

SA Liberal Party – July 2023

• Libs hack a mystery as cops probe ‘European gang’ theory

Parks Victoria – July 2023

• Parks Victoria online system crashes causing concerns of potential data breach

Notifiable Data Breaches Report July to December 2023

• This report captures notifications received under the NDB scheme from 1 July to 31 December 2023.

Perpetual – June 2023

• Perpetual security incident spreads; client data compromised

LG Energy Solution Australia & Solar Service Guys – June 2023

• LG Energy Solutions Australia and Solar Service Guys Respond to Data Breach Allegations

Australian Defence Force – June 2023

• Russian cyber hackers compromise top-secret defensive data in historic breach

SmartPay – June 2023

• SmartPay investigates data breach

PwC – June 2023

• PwC caught up in global data breach, ASX closes up on Woolworths and CSL gains — as it happened
• PwC victim of massive data hack

Port Arthur Library – June 2023

• Human error, not data breach, behind Port Arthur staff information appearing ‘live’ on library website

ACT Government – June 2023

• ACT government hit by cyber security breach

Fire Rescue Victoria – May 2023

• Fire Rescue Victoria’s cyber-hack response a ‘lesson in how not to communicate’

SuperVPN – May 2023

• A data breach on a free VPN service has led to 360 million records being exposed to the public, according to a new report.

NT Government – May 2023

• Thousands of identifiable NT patient health files sent to overseas-based software vendor in government data breach
• Patients told to contact NT Health following privacy breach of identifiable medical records

Toyota – May 2023

• Toyota confirms decade-long data breach
• Toyota Data Breach exposed 10 years’ worth of data for over 2m customers
• Toyota data breach: Millions of Japanese owners affected, Australia safe for now
• Toyota confirms some Australian owners affected in unprotected data event
• Toyota Australia customers victim of data breach
• Toyota does U-turn, confirms thousands of Australian customers hit by latest data breach
• Australian Toyota customers caught up in global data breach
• Toyota apologizes after additional data breach, expands investigation
• Toyota says some customers in Asia, Oceania face risk of data leak

Ambulance Victoria – May 2023

• Employee records exposed in Ambulance Victoria data breach
• Ambulance Victoria apologises after data leak
• Paramedics’ drug and alcohol history exposed in Victorian data breach

Medibank – May 2023

• Health care giant Medibank sued over data breach that affected 9.7m people
• Medibank hit with fresh class action after data hack
• Medibank’s staff details stolen after property manager faces cyber breach

HWL Ebsworth – May 2023

• HWL Ebsworth suffers data breach
• Russian-linked hackers taunt HWL Ebsworth over data breach, claim to have published files to dark web
• HWL Ebsworth data breach
• Tasmanian Government may be caught up in another data breach
• HWL Ebsworth data breach
• HWL Ebsworth data breach: Hackers claim huge data leak
• Ebsworth data breach

NAB Business & Consumer Insights – April 2023

• Cyber Security Attacks & Scams (April 2023)

Amnesty International Australia – April 2023

• Amnesty International Australia Suffered a Data Breach in December, but Says Everything is Now Fine

Optus – April 2023

• Optus data breach class action launched for millions of Australians caught up in cyber attack
• ‘Wake-up call for corporate Australia’: 100,000 people join Optus data breach class action
• Class action launched against Optus over 2022 data breach
• Optus sued by ‘vulnerable’ victims of data breach

Afterpay – April 2023

• Afterpay shareholders sue Dorsey’s Block for breach disclosure

Spruson and Ferguson – April 2023

• IPH reveals data breach originated from member firm
• IPH reveals data breach originated from subsidiary’s systems
• Australia’s IPH reveals data breach originated from member firm’s systems

Coles – April 2023

• Coles confirms its customers impacted by Latitude Financial data breach – ABC News
• Coles credit card customers exposed in Latitude data breach

Service NSW – April 2023

• Service NSW ‘technical issue’ may have exposed data of 3700 customers
• Service NSW breach exposes personal data affecting thousands of customers

MSI – April 2023

• MSI confirms cyber attack | Says “no significant” financial impact.

TAFE – April 2023

• TAFE data breach uncovered by SA Police | Credentials for 2224 students stolen

Tasmanian Government – March 2023

• Tasmanians affected by security breach of third-party file transfer service
• Tas gov says 16,000 documents leaked in GoAnywhere breach | Financial invoices and statements
• Major data breach in Tasmania exposes 16,000 documents online
• Names, addresses and bank account details potentially at risk after hack, Tasmanian government says
• Minister confirms 16,000 documents released online in Tasmanian data breach, helpline set up

Meriton – March 2023

• Hotel and property giant Meriton hit by data hack, personal documents may be at risk
• Bank details, birth certificates potentially hacked in Meriton data breach
• Private financial, health information exposed in Meriton data breach

Crown Resorts – March 2023

• Crown Resorts investigating potential data breach after being contacted by hacking group
• Crown Casinos investigates as ransomware group claims to have breached data

Canberra Health Services – March 2023

• Health worker sacked over ‘serious breach’ of patients’ privacy as ACT government investigates data misuse
• Private records of some Canberra Health Services patients ‘deliberately’ sent to industrial partner
• Explainer: What we know about the privacy breach at Canberra Health Services

iD Tech – March 2023

• Kids tech camp iD Tech still silent weeks after data breach

Rio Tinto – March 2023

• Rio Tinto says staff’s personal data may have been hacked in memo after an attack on GoAnywhere software
• Rio Tinto staff’s personal data, payslips may be affected by hack
• Rio Tinto’s Australian staff may have had personal data stolen in hack

QIMR Berghofer – March 2023

• Australia’s largest skin cancer study hit by data breach

Latitude – March 2023

• Latitude Financial warns customer data breach could widen and hack ‘remains active’
• Latitude Financial breach impacts 225,000 customers | Staff logins used to attack third-party service providers.
• Latitude customers are furious: some have had data hacked before through Medibank and Optus
• Latitude Financial Scrambles to Contain Large Data Breach
• Latitude Financial Hacked Impacting 328,000 Customers In Australia’s Latest Data Breach
• Latitude Financial hit by cyber attack, more than 300,000 identity documents stolen
• Latitude Financial data breach widens as fears over copies of driver’s licences grow
• If you have had your NSW driver licence details exposed in the Latitude Financial data breach you may need to replace your card

NSW Health – March 2023

• NSW Health has revealed itself to have been affected by the recent Frontier Software data breach

CBA – March 2023

• CBA hit by cyberattack in Indonesia

The Good Guys – February 2023

• The Good Guys warns of customer data leak | Breach of loyalty program in 2021.
• Historic data breach impacts up to 1.85 million The Good Guys customers
• The Good Guys customers possibly affected by data breach at former third-party provider My Rewards
• The Good Guys Says the Bad Guys Hacked Its Old Rewards System

Guardian Australia – February 2023

• Guardian Australia staff details compromised in cyberattack

JD Sports – February 2023

• Sports clothing retailer JD Sports hit by cyber attack which leaked 10 million customers’ data | The personal data includes names, email addresses, phone numbers and billing addresses.

GoTo – January 2023

• GoTo data breach saw encrypted backups taken

Mount Lilydale Mercy College – January 2023

• Mount Lilydale Mercy College caught up in data breach hack | Parents are being warned their credit card information may have been stolen over the school holidays.
• Hundreds of parents hit by credit card hack at Lilydale school
• More than 11,000 employees, students and former staff affected by cyber attack, QUT says

QUT – January 2023

• QUT confirms personal data of thousands of staff compromised in cyber attack
• QUT alerts staff, students to data breach – After December ransomware attack
• QUT attack breaches data of 11,405 individuals | Extent of Royal attack revealed.

PayPal – January 2023

• PayPal Latest To Suffer Massive Data Breach

Norton LifeLock – January 2023

• Norton LifeLock hit by data breach via password managers
• NortonLifeLock hit by data breach via password managers

Fire Rescue Victoria – December 2022

• Fire Rescue Victoria investigating security incident
• Cyber attack cripples Fire Rescue Victoria | Firefighters resort to mobile phones and radio.

LastPass – December 2022

• Parsing LastPass’ data breach notice

TPG Telecom – December 2022

• TPG Telecom joins list of hacked Australian companies, shares slide

State Office of Victoria – December 2022

• Data breach hits Victoria’s revenue office

LJ Hooker – December 2022

• Real estate agency LJ Hooker hit with data breach

Telstra – December 2022

• Telstra blames privacy breach on ‘database misalignment’ | Published details of unlisted customers online.
• Telstra explains how internal data breach exposed more than 130,000 customers’ details
• Telstra apologises after customer data breach
• Telstra slips up as details of 130,000 customers go online
• Telstra privacy breach sees customer details made public

Twitter – November 2022

• More than 5 million Twitter users at risk after alleged security breach

WhatsApp – November 2022

• WhatsApp denies data leak as company hit by anonymous online threat

The Smith Family – November 2022

• The Smith Family warns supporters of stolen personal data amid hack on Australian charity
• Children’s charity The Smith Family hit by cyberattack

Harcourts – November 2022

• Harcourts Melbourne City real estate agency advises customers of data breach

Victorian Government | PNORS Technology Group – November 2022

• Victoria has ordered an investigation into a potential data breach. Here’s what happened.

BWX (Flora & Fauna) – November 2022

• Credit card details likely exposed in skincare online shopping hack

SSKB – October 2022

• Australian strata company SSKB breached

Microsoft – October 2022

• Microsoft data breach exposes customers’ contact info, emails

AFP – October 2022

• AFP classified documents hacked in data leak, exposing agents fighting drug cartels

Vinomofo – October 2022

• Online wine seller Vinomofo hit in major data breach
• Vinomofo data breach: 500,000 customers at risk after wine dealer hit by cyber-attack

Medibank – October 2022

• Medibank admits personal data stolen in cyber attack
• Medibank Group detects cyberattack, takes several services offline as a precaution
• Medibank receives contact from hackers | Group requests negotiations over customer data.

Woolworths MyDeal – October 2022

• Woolworths MyDeal becomes latest target of cyber attack. What information was leaked and what can you do if you’re affected?
• Woolworths says data of 2.2 million customers of its MyDeal website has been exposed

North Face – September 2022

• 200,000 North Face accounts hacked in credential stuffing attack

Optus – September 2022

• Optus attack exposes customer information | Personal details of 1.1 million customers purportedly offered for sale.

Uber – September 2022

• Teen hacker gets into Uber, announces data breach on chat software
• Uber investigating ‘cyber security incident’ after report of breach | Company forced to shut internal communications and engineering systems.
• Uber Investigating Massive Security Breach by Alleged Teen Hacker
• Uber in ‘unforgivable’ security breach

Fremantle Football Club – September 2022

• Fremantle apologise for AFL data breach

TikTok – September 2022

• TikTok Hacked, Denies Security Breach Allegations
• TikTok denies security breach after hackers claim to have records of more than a billion users

LastPass – August 2022

• Password manager company LastPass reports major security breach | The company – which has more than 25 million users – says hackers stole parts of its source code and other sensitive data.
• LastPass was hacked, but it says no user data was compromised

DoorDash – August 2022

• Aussies’ sensitive details at risk after global data breach | Popular food delivery service DoorDash is investigating whether credit card and contact details of Australians have been leaked.

Facebook – August 2022

• A Facebook glitch has affected users worldwide. So, what went wrong and has there been a data breach?

WA Health – August 2022

• WA Health Department apologises for monkeypox data breach of passengers on flight from Doha to Perth
• Nurse responsible for major monkeypox data breach in Perth
• Health Department under fire as personal details of monkeypox plane passengers sent out in email

Cisco – August 2022

• Hackers Breach Cisco and Steal Data, But Fail to Deploy Ransomware

Twitter – August 2022

• Twitter confirms personal details of millions of account holders compromised
• Twitter says zero-day bug leaked account data
• More than 5 million Twitter accounts impacted by recent data breach

University of Western Australia – August 2022

• Student details, photos exposed in University of WA data breach
• University of Western Australia Student Details Exposed in Data Breach
• University of Western Australia Confirms Student Details Exposed in Data Breach
• University of Western Australia: Police charge man over major UWA data breach

Neopets – July 2022

• A Hacker Is Trying to Sell Data on 69 Million Neopets Users
• The Hackers Who Breached Neopets Were Inside Its IT Systems for 18 Months

Uber – July 2022

• Uber confesses it covered up a huge data breach | Confession comes as part of DoJ settlement
• Uber settles with DOJ for failing to disclose breach that exposed 57 million users’ data

Perth Festival, Black Swan State Theatre Company – July 2022

• Perth Festival, Black Swan Theatre and other arts organisations hit by major data breach

Victorian Government – July 2022

• Students, travellers and staff exposed as Hotel Quarantine data breach revealed

Woolworths – July 2022

• Woolworths denies data breach after outraged shoppers claim Everyday Rewards hacked

Marriott – July 2022

• Marriott suffers yet another data breach

Mangatoon – July 2022

• Millions of comic book fans have data leaked after Mangatoon breach

China Police – July 2022

• Private information of more than 100 Australians exposed amid huge China police data leak

Deakin University – July 2022

• Deakin University reveals breach of 47,000 students’ details | Subset targeted with smish sent via officially-used SMS channel.
• Data on Almost 47,000 Students Exposed in Deakin Uni Breach
• Hackers target Deakin Uni

AMD – July 2022

• AMD is investigating a serious potential data breach | An attacker claims to have stolen 450Gb of sensitive data
• AMD Is Investigating a Potential Data Breach Allegedly Caused by Weak Passwords

OpenSea – July 2022

• OpenSea customers warned to stay on high alert for phishing attacks | OpenSea email database exposed by third party
• NFT giant OpenSea reports major email data breach
• OpenSea users’ email addresses leaked in data breach
• NFTs Have Been Stolen From OpenSea Users

iCare – June 2022

• iCare data breach due to ‘human error’, agency says
• iCare launches systems review after 193,000 claimants affected by privacy breach
• iCare sends private details of 193,000 workers to wrong employers

Department of Home Affairs – May 2022

• Hundreds of classified Home Affairs documents believed sent to unsecured address in ‘serious’ breach of security protocols

NDIS – May 2022

• Sensitive NDIS health data breached in client platform hack
• NDIS case management system provider breached | Updated: “Large volume” of sensitive health data exposed.

Spirit Super – May 2022

• Spirit Super hit by data leak, 50,000 accounts exposed
• 50,000 super fund members impacted by data breach

APAC – May 2022

• APAC organisations fail to disclose ransomware breaches

Facebook – May 2022

• Facebook’s Zuckerberg sued for data breach
• Mark Zuckerberg, head of Facebook-owner Meta, is being sued in the US over the Cambridge Analytica scandal that compromised the personal data of millions

South Australian Government – May 2022

• More than 90,000 South Australian public servants now involved in payroll data breach

National Tertiary Education Union – May 2022

• NTEU becomes victim of data breach | NTEU servers were subject to a ransomware attack, a week out from University wide-strikes

Transport for NSW – May 2022

• TfNSW hit by another data breach
• TfNSW hit by second cyber attack in less than 18 months | Confirms authorised inspection scheme system data accessed
• Data breach a Transport for NSW fail

SuperVPN, GeckoVPN, ChatVPN – April 2022

• 25 million free VPN user records exposed

Coca-Cola – April 2022

• Coca-Cola investigating potential large-scale data breach | A new threat actor claims to have stolen gigabytes of data

Top Data Breaches and Cyber Attacks of 2022

• Cybercrime is big business, and it’s already rife in 2022 – we’ve highlighted ten top cases

Panasonic – April 2022

• Panasonic hit by another major cyberattack | Almost 3GB of data taken in attack on Panasonic

Block (ASX:SQ2) – April 2022

• Block (ASX:SQ2) share price jumps 6% despite reporting a data breach

Warrnambool Council – March 2022

• Data breach was ‘not serious’

OKTA – March 2022

• Okta says third-party breach may have impacted up to 366 customers – Hackers took control of contractor’s computer
• Lapsus$ hackers exploited Okta supplier’s security lapses – Allegedly found spreadsheet with login credentials.
• Okta investigates possible data breach – May relate to third-party customer support engineer targeted in January.
• Okta confirms hundreds of customers could be affected by data breach – January 2022 breach could have affected hundreds of Okta customers

Microsoft – March 2022

• Hackers Post Images Showing Possible Microsoft Breach – The same cybercriminal group that recently breached Nvidia briefly shares a screenshot that suggests the hackers also gained access to Bing’s source code.
• Microsoft Azure DevOps targeted by hackers
• ‘Single account’ compromise led to Microsoft’s Lapsus$ code leak – Attackers were interrupted mid-operation

Ubisoft – March 2022

• Ubisoft says ‘cyber security incident’ last week shows no evidence of data breach – Ubisoft’s IT team is working with external experts to investigate the incident, which took place last week.
• Ubisoft fans need to change their passwords now – Ubisoft player data should still be safe

Nvidia – March 2022

• Over 71,000 Nvidia accounts have personal data leaked following hack
• Nvidia says employee, company information leaked online after cyber attack
• Nvidia hackers claim they also hit Vodafone, threaten data leak
• NVIDIA data breach exposed credentials of over 71,000 employees

Samsung – March 2022

• Samsung confirms data breach after hackers leak internal source code
• Hacking group allegedly leaks 190GB of data from Samsung
• Nvidia hackers hit Samsung and leak huge data dump
• Samsung hit by major data breach — Galaxy device source code stolen
• Samsung Galaxy source code targeted by Lapsus$
• Samsung confirms hack: is your TV or smartphone at risk?

Australian Data Breaches Report

• Australian data breach statistics revealed in OAIC report

Toyota Motor – March 2022

• Toyota suspends domestic factory operations after suspected cyber attack | 13,000 vehicles held up after supplier hacked

Medlab Pathology – February 2022

• Medlab Pathology discloses February data breach
• Australian Clinical Labs accused of ‘sitting on’ hack that saw patient data posted to the dark web

OAIC Report – February 2022

• Australian gov data breach numbers slip out of public view
• Latest notifiable data breaches report

NSW Government – February 2022

• Sensitive addresses among more than 500,000 leaked from NSW Government database
• NSW nurses strike as data breach defended
• Sensitive business addresses among 500,000 published in COVID data breach

News Corp – February 2022

• News Corp reports cyber data breach
• News Corp reports cyber data breach
• Chinese hackers believed to be behind News Corp data breach

CFMMEUR – February 2022

• Union fined for data centre breach

Crypto.com – January 2022

• Security News This Week: Crypto.com Finally Admits It Lost $30 Million in Hack

Red Cross Australia – January 2022

• Locations and contact data on 515,000 vulnerable people stolen in Red Cross data breach
• Australian Red Cross clients potentially caught up in international cyber attack
• Red Cross cyberattack sees data of thousands at-risk people stolen
• Red Cross Cyber Attack Exposes Data of 515,000 Vulnerable People
• Australian Red Cross warns clients of potential security breach
• Aussie Red Cross flags potential cyber breach
• Australian Red Cross clients potentially caught up in international cyber attack
• Red Cross hackers exploited Zoho vulnerability to gain entry | Accessed case files of 515,000 vulnerable people held in encrypted database

TfNSW (Accellion) – January 2022

• TfNSW finds more customers, employees impacted by Accellion breach

FlexBooker – January 2022

• Scheduling Platform FlexBooker Discloses Data Breach Affecting 3.7 Million Accounts

Bunnings – January 2022

• Bunnings private customer data exposed in data breach
• Bunnings Customer Data Breached
• Bunnings Confirms Some Customer Data Is Caught up in FlexBooker Breach
• Bunnings stresses little risk to customers from FlexBooker data leak
• Bunnings’ drive and collect customer data caught up in FlexBooker security breach on Amazon cloud
• Bunnings shoppers’ personal information potentially exposed to data security breach
• Bunnings customers caught up in international data breach

Lastpass – December 2021

• LastPass Says It Didn’t Leak Your Password

Ubisoft – December 2021

• Ubisoft says Just Dance was hit by a data breach
• Ubisoft Says a ‘Misconfiguration’ Exposed Just Dance Player Data

Huawei – December 2021

• Key details of Huawei security breach in Australia revealed

Victoria Police – December 2021

• Charges over Victoria Police data breach

Finite Recruitment – December 2021

• Coles, Westpac, AMP and Department of Defence caught up in ‘significant’ data breach of Finite Recruitment
• A Russian Hacking Group Caused A Data Breach That Could Affect Coles, Westpac & Some Gov Depts

SA Government – December 2021

• Cyber attack steals personal data of up to 80,000 SA public servants
• Personal details of up to 80,000 SA government employees accessed in cyber attack
• Premier can’t say if government trusts firm after data breach | The state government can’t confirm its trust in a third-party payroll provider, after personal data from up to 80,000 public servants – including bank account details – were stolen.
• 80,000 SA govt employees exposed to data breach | Third party payroll service hit by ransomware.
• SA gov employee data stolen in Frontier Software ransomware attack | At least 38,000 staff impacted
• Tens of thousands locked out of ATO Online accounts after payroll hack
• Government confirms almost 80,000 public sector employees affected in Frontier Software cyber attack
• South Australian gov issues breach notice to hacked payroll provider

Gravatar – December 2021

• Gravatar profile add-on leaks data on millions of users | Details of just under 114 million users in hackers’ hands

Panasonic – November 2021

• Panasonic says it has been hit by a data breach
• Panasonic confirms data breach after hackers access internal network
• Panasonic Confirms Six Months Of Data Breaches

ACT Government – November 2021

• Canberra Liberals: Serious data breach needs independent investigation | United Firefighters’ Union
• Refer compo spreadsheet data breach to privacy watchdog: ACT firies’ union
• Independent investigation needed into workers’ compensation spreadsheet data breach: opposition
• Liberals call for external review into data breach
• ACT government publishes sensitive health data from nearly 30,000 workers’ compensation claims

Tabcorp – November 2021

• Tabcorp says bad data, technical error behind online betting breach | Took in-play bets on a US college basketball game

Australia’s Copyright Agency – November 2021

• Australia’s Copyright Agency | investigates cyber incident | Notifies 37,000-plus members

GoDaddy – November 2021

• GoDaddy security breach exposes WordPress users’ data GoDaddy security breach exposes WordPress users’ data | Up to 1.2 million customers caught up
• Global web hosting company GoDaddy reports data breach
• GoDaddy breach exposes 1.2 million customer accounts
• Cybersecurity experts weigh in on GoDaddy data breach

South Australian Ambulance Service – November 2021

• Ambulance patient data stolen

Sunwater – November 2021

• Queensland water supplier Sunwater targeted by hackers in months-long undetected cyber security breach

mySA Gov – November 2021

• mySA Gov accounts breached |  Attacker(s) reused passwords stolen in different incident
• Hackers access mySA GOV digital licence accounts, prompting warning from state government

Twitch – October 2021

• Amazon’s Twitch hit by data breach | 125GB leaked, including source code
• Twitch hack reveals multi-million-dollar sums top streamers earn from playing computer games
• Amazon’s Twitch blames configuration error for data breach
• Live streaming platform Twitch hit by huge data breach
• Twitch hit by huge data breach | Hackers warn more information is coming
• Twitch in crisis as it blames server error for massive data breach
• Massive data breach at Twitch.tv

AI Dungeon – September 2021

• If You Played AI Dungeon Back in April Your Data Was Probably Compromised

Accenture – August 2021

• Ransomware group demanding US$50M in Accenture security breach: cyber firm
• Accenture admits cyber incident also involved data breach

FIFA21 – August 2021

• Hackers ditch FIFA 21 secrets online after failed extortion attempt

Optus – 2019 Update

• Two years later: Optus data breach probed
• OAIC launches investigation into Optus data breach

SafeWA – August 2021

• Senior health officials raised concerns about SafeWA data breach long before election

Melbourne City Mission and the Department of Health and Human Services – 2017 Update

• Victorian Ombudsman launches investigation into handling of child protection data breach

Uber – 2016 Update

• Uber slapped on wrist for massive data breach | US parent argues exemption from privacy laws
• Uber found to have breached privacy of 1.2 million Aussies in 2016| Privacy watchdog releases findings of investigation
• Uber interfered with privacy of 1.2 million Australians

NSW Department of Education – July 2021

• NSW Education Dept downed by cyber attack
• NSW Education had unknown vulnerability in breached system
• Notifying individuals affected by July’s cyber incident
• Department of Education networks | The NSW Department of Education has been a victim of a cyber-security attack

Tasmanian State Growth – July 2021

• Employee allegedly passed drivers’ information to debt collector

LimeVPN – July 2021

• LimeVPN Suffers Major Data Breach, Over 69K Users at Risk | A hacker stole the backup database, customer payment details, private keys, and took the website offline.

Morningstar – June 2021

• Morningstar data breach reveals KPMG deal maker lists | A software glitch has exposed the key companies garnering the interest of big four advisory group KPMG’s deal makers and restructuring experts.

LinkedIn – June 2021

• LinkedIn denies data breach with 700 million records | Personal information on members found for sale
• LinkedIn data from 700 million users for sale on hacking forum
• LinkedIn hacked again — personal info of 756 million users leaked

Carnival Cruises – June 2021

• Cruise operator Carnival discloses personal data breach

Uniting Communities – June 2021

• Uniting Communities investigating possible data breach amid ‘cyber incident’

Ray White – June 2021

• Former Ray White real estate agent Ant Manton investigated for alleged data theft

NSW Health – June 2021

• Medical information leaked in NSW Health hack
• NSW Health admits personal data accessed in Accellion breach

Air India – May 2021

• SITA hack may have been worse than thought following Air India breach
• Air India breach compromised data for 4.5 million passengers
• Air India says data on 4.5 million passengers stolen

TPG – May 2021

• TPG confirms data on dark web belongs to its customer

NAB 2019 – April 2021

• NAB fired IT worker over data breach | Uploaded data of 13,000 customers to third-party servers
• NAB repays customers $687k for data breach

UnitingCare Queensland – April 2021

• UnitingCare Queensland hit by cyber attack | Ransomware infection reportedly impacts hospitals and aged care facilities

Swinburne University – April 2021

• Swinburne University data breach exposes details of 5000 staff, students | Seven years of event registrations found online.
• Details of over 5,000 people exposed in Swinburne uni breach

Ubiquiti – April 2021

• IoT firm Ubiquiti hit by ‘catastrophic’ data breach | Intruders allegedly gained administrative access to Ubiquity’s servers
• No customer info accessed’ in Ubiquiti breach

Shanghai Security Database – April 2021

• Australians flagged in Shanghai security files which shed light on China’s surveillance state and monitoring of Uyghurs

Facebook – April 2021

• Massive Facebook data breach leaks info on millions of users | Data of over 533 million Facebook users leaked online
• Facebook data breach: how to check if your details were leaked
• Facebook data breach exposes personal information of 533 million users, including its founder Mark Zuckerberg
• Facebook data leak: Details of 533 million users found on site for hackers
• What You Can Do About That Messy Facebook Data Breach
• How to check if your Facebook account was one of the half billion that were breached

Eastern Health – March 2021

• Victorian hospitals hit by cyber attack | Forces postponement of non-urgent elective surgeries

WA Parliamentary Email Network – March 2021

• China suspected of cyber attack on Western Australia’s Parliament during state election

Microsoft – March 2021

• Australian corporations hit by massive Microsoft Server hack
• ESET says at least 10 hacking groups using Microsoft software flaw

SITA – March 2021

• SITA data breach affects millions of airline passengers | Passenger data from multiple airlines has been acquired by hackers

Minister’s Private Email Accounts – February 2021

• ‘Security risks’: Ministers’ private email accounts in historical data breach

Transport for NSW – February 2021

• Transport for NSW data stolen in Accellion breach | Agency probes customer impact

SingTel – February 2021

• Optus parent organization SingTel assesses potential Accellion data breach

Accellion – February 2021

• The Accellion Data Breach Seems to Be Getting Bigger
• Australian orgs exposed to Accellion vulnerability

NT Health – February 2021

• NT Health Leaks Thousands of Emails in Data Breach

QIMR Berghofer Medical Research Institute – February 2021

• Qld research institute suffers data breach

Service NSW – 2020 Update

• 20,000 people still unaware of Service NSW breach | Affected residents don’t know their data was stolen last year
• Service NSW struggling to contact thousands of cyber attack victims

Oxfam – February 2021

• Oxfam Australia investigates suspected data breach | Tries to work out what data was accessed

ASIC – January 2021

• ASIC joins Reserve Bank NZ as victim of Accellion hack | Used server to transfer files on credit licence applications
• ASIC server hit by cyber security breach

Tasmanian Ambulance – January 2021

• Cybersecurity expert calls for replacement technology following Tasmanian ambulance patient data leak
• Tasmanian data leak reveals HIV status of ambulance patients
• Mass hack incident exposes Tasmanian patient’s medical data on public website

OAIC – 2020

• Notifiable Data Breaches Report 01/07/20 – 31/12/20
• Australian govt entity hit by brute-force attack | Agencies rack up reportable data breaches in back half of 2020.

Nintendo Switch – December 2020

• Nintendo Switch breach: dangerous data leak could’ve killed Switch – Massive data leak shows early Switch designs and leaked keys that could’ve toppled console

Ledger – December 2020

• Crypto wallet data breach compromises hundreds of thousands of users | Names and mailing addresses were leaked online

Spotify – December 2020

• Spotify resets passwords after a security bug exposed users’ private account information

FireEye – December 2020

• FireEye discloses breach, theft of red team tools | Releases ‘hundreds’ of countermeasures

NSW State Transit Authority – December 2020

• Ransomware outed as cause of State Transit Authority outage | Audit confirms June cyber incident took place

Flight Centre – 2017, reported December 2020

• Flight Centre leaks customer data in an incredibly stupid way
• An investigation into a major data breach involving Flight Centre Travel Group (FCTG) more than three years ago has found that the company broke a number of Australian Privacy Principles.
• Flight Centre hackathon behind 2017 breach, exposed 6918 customers’ data | Full post-mortem revealed for the first time

BTC Markets – December 2020

• BTC Markets exposes customer names, emails in botched blast send | Australia’s largest cryptocurrency exchange apologises for error

Levitas Capital – November 2020

• Hacked Sydney hedge fund part of $170m cyber crime spree

Law in Order – November 2020

• Hackers threaten to publish data from attack on legal services firm

Sophos – November 2020

• Sophos tight-lipped about data breach, no lessons learnt from WannaCry bungle
• Sophos warns customers it was hit by data breach | Data breach has exposed sensitive information of Sophos users

Wildworks – November 2020

• Animal Jam was hacked, and data stolen; here’s what parents need to know

Capcom – November 2020

• ‘Resident Evil’ game maker Capcom confirms data breach after ransomware attack
• Dragon’s Dogma 2, Street Fighter 6 reportedly leaked in Capcom data breach

Prestige Software – November 2020

• Booking.com, Expedia Group, Hotels.com customers in suspected data breach

Blackbaud – November 2020

• OAIC confirms inquiries made with cloud software firm that was breached

Nitro PDF – October 2020

• Nitro PDF suffers massive data breach, exposing Microsoft, Google, Amazon documents
• Nitro again insists data breach ‘isolated’ as incident gets more coverage

Spotless – October 2020

• Spotless hit by ransomware attack | Exclusive: Confirms a ‘number’ of servers ‘accessed’

DFAT – September 2020

• Private emails of Australians stranded countries unintentionally revealed by DFAT

CloudBees CodeShip – September 2020

• DevOps solutions provider CloudBees discloses data breach | Malicious actor accessed failover database for a year.

Scouts Victoria – September 2020

• Potential personal data breach of about 900 people after Scouts Victoria hacked
• Scouts Victoria data breach potentially nets 900 people’s personal details | Including bank details, birth certificates and court orders

Activision – September 2020

• Possible Activision hack puts thousands of COD player accounts at risk – here’s all you need to know

University of Tasmania – September 2020

• IT bungle leads to mass student data breach
• Data breach at University of Tasmania affects 20,000 students
• UTAS contacts 19,900 students caught up in data breach
• University of Tasmania leaks data of 19,900 students | Sharepoint site gave access to anyone with a UTAS email.

Royal Queensland Yacht Squadron – September 2020

• Royal Queensland Yacht Squadron To Be Questioned By Office Of Australian Information Commissioner After Data Breach

Zhenhua Data – September 2020

• A Huge Chinese Data Breach Has Exposed Info Of 35,000 Aussies Including… Natalie Imbruglia?
• Leaked Chinese database show company’s interest in Australia’s space and science sector
• Australian business leaders caught up in China’s mass surveillance: Here’s what it means

Telmate – September 2020

• Telmate data breach leaked personal info for millions of prisoners

K7Maths – September 2020

• Large Australian education data leak traced to third-party service – AusCERT rules out government ownership

Transport for NSW – August 2020

• Over 54,000 scanned NSW driver’s licences found in open cloud storage – TfNSW investigates mystery data leak on AWS S3
• More than 50,000 NSW driver’s licences exposed in mystery data leak – Drive understands those affected have not been contacted yet
• More than 50,000 NSW driver’s licences exposed in mystery data leak – It remains unclear where the image files came from, but experts say a fleet or toll operator could be to blame.
• Service NSW still waiting to notify on data breach after four months
• NSW driver’s licence data breach left Sydney health worker ‘sickened’
• How Bob the Ukrainian security consultant uncovered massive Australian data breach
• ALP calls for action after data breach affects 50,000 NSW drivers
• Data breach exposes tens of thousands of NSW driver’s licences online

Freepik – August 2020

• Popular stock image website Freepik suffers massive data breach

Tik Tok, Instagram & YouTube – August 2020

• How to Deal With This TikTok, Instagram, and YouTube Data Breach

RI Advice Group – August 2020

• ASIC sues financial services company for repeated hacks | Hacker spent 155 hours logged in without detection
• ASIC comes for IOOF subsidiary over inadequate cyber security infrastructure
• Company sued over poor cyber security – Passwords found in text files on server desktop

Canon – August 2020

• Canon data leaked online after company refuses to negotiate with ransomware attackers

ACT Public Schools – August 2020

• Canberra students gained access to school network to send graphic content to children across ACT

Visa Europe Ltd – August 2020

• iSignthis Ltd (ASX:ISX) Visa Europe Ltd -Breach of Personal Data

Carnival Corporation – August 2020

• Carnival Corporation has been hit by a ransomware attack on one of its brand’s IT systems

Intel – August 2020

• Intel investigates source code dump of proprietary data – Intel is investigating the recent leak that dumped more than 20GB of proprietary data into the public domain

Australian Universities – August 2020

• Investigating ‘deeply concerning’ hack of controversial exam software – Personal records of 444,000 ProctorU users have reportedly been obtained in a hack and leaked online in hacker forums
• Hackers hit university online exam tool
• Australian universities investigate online exam tool data breach

Instacart – July 2020

• Instacart user data is reportedly being sold online, but the company denies there was a breach

Garmin – July 2020

• Garmin goes down after suspected ransomware attack | Production halt in Taiwan, leaked internal email suggests

City of Darwin – July 2020

• The email addresses of thousands of Territorians have been ‘accidentally’  leaked by the City of Darwin ahead of the next round of the MyDarwin voucher scheme

WA Department of Health – July 2020

• WA Department of Health data breach sees confidential patient information published online
• WA Health traces data leak to third-party pager service
• Coronavirus: Teenager allegedly behind massive WA data breach
• Minor allegedly involved in Western Australia’s medical record data breach
• Clarification of reported data breach

VPN – July 2020

• Data breach of free VPN providers exposes details of millions of users

Fraudulent Cryptocurrency Scheme – June 2020

• Over 82,000 Aussies’ details leaked in crypto scam | Victim’s details show up on the web

TikTok – June 2020

• TikTok Secretly Spying On Millions Of iPhone Users | A major TikTok security issue detected by Apple

Twitter – June 2020

• Twitter apologises for business data breach

Google Chrome – June 2020

• Google Chrome Security Breach: 33 Million Downloads Of Spyware

Australia – June 2020

• Australia targeted in ‘sophisticated’ state-based cyber attack
• ‘Cyber attacks’ point to China’s spy agency, Ministry of State Security, as Huawei payback, say former Australian officials
• Australia under cyber attack
• China believed to be behind major cyber attack on Australian governments and businesses

Fisher & Paykel – June 2020

• Fisher & Paykel Appliances struck by Nefilim ransomware

Avon – June 2020

• Avon to reboot systems hit by cyber incident

Lion – June 2020

• Drinks maker Lion shuts IT systems after ‘cyber incident’
• Lion accidentally directs milk orders to Sydney IT security consultancy
• Lion warns of beer shortages after cyber attack
• Drinks maker Lion lost CIO Grainne Kearns in March

Noni B – June 2020

• ‘Whistleblower’ accuses Noni B owner of mass privacy breach

Babylon Health – June 2020

• Babylon Health data breach exposes user medical records to strangers | Bug was accidentally introduced via a recent update
• Babylon Health admits GP app suffered a data breach

Joomla – June 2020

• Content management system Joomla hit by data breach

AFL Fan Website – May 2020

• 70 million records exposed in data leak from AFL fan website, cyber researchers claim

IN SPORT – May 2020

• Retailer IN SPORT’s head office hit by ransomware – Rebuilds systems but loses some data

My Health Record – May 2020

• My Health Record system hit by hack attempt

Service NSW – May 2020

• Service NSW hit by email compromise attack | Agency tries to work out what they accessed

BlueScope Steel – May 2020

• BlueScope IT ‘disruption’ feared to be ransomware attack | Production systems impacted

GoDaddy – May 2020

• GoDaddy confirms it suffered a data breach | Incident happened in October 2019, GoDaddy tells users

WA Police Force – April 2020

• Confidential details of entire WA Police Force accessed in ‘startling’ audit breach, CCC finds

Optus – April 2020

• Optus hit with $40 million class action after alleged data breach of 50,000 customers details
• Optus faces class action over major data breach
• Optus facing class action over alleged customer privacy breaches

Facebook – April 2020

• Millions of Facebook profiles for sale on the Dark Web

Apple – April 2020

• Flaw in iPhone, iPads may have allowed hackers to steal data for years | But Apple is planning to fix the flaw

Zoom – April 2020

• 500,000 Zoom Account Breaches Reminds Us Not To Be Sloppy With Passwords
• How to stay safe on Houseparty and Zoom
• Intruder alert! How to keep Zoom meetings secure
• How To Protect Your Zoom Account From Recent Data Breaches
• Zoom brings in big guns to fix security problems | Paid users can avoid specific data centres

Marriott – April 2020

• Marriott discloses second data breach in two years

Federal Court – March 2020

• Federal court data breach sees names of protection visa applicants made public

Houseparty – March 2020

• Houseparty denies security breach as users accuse app of hacking accounts

Chubb – March 2020

• Cyber insurer Chubb had data stolen in Maze ransomware attack

Norwegian Cruise Line – March 2020

• World’s third largest cruise line Norwegian suffers data breach

Microsoft Teams and Zoom – March 2020

• Phishers quick to exploit remote working apps in COVID-19 lockdown

Henning Harders – March 2020

• Another Aussie logistics company falls prey to ransomware

Melbourne TAFE – March 2020

• Melbourne TAFE data breach exposes 55k student, staff files – Sensitive financial, health data accessed

Australian Department of Defence – March 2020

• Fears private details of Defence Force members compromised in database hack
• Defence plays down report of likely recruitment database breach

Nord VPN – March 2020

• Top VPN software had a major security flaw – Vulnerability discovered during HackerOne session

Alinta Energy – March 2020

• Alinta Energy accused of putting customers’ sensitive information at risk
• Alinta Energy accused of endangering privacy of 1.1 million customers

Clearview AI – February 2020

• Controversial facial recognition startup Clearview AI hit by massive client data breach
• Leaked Document Shows Australian Police Use Creepy Clearview AI Facial Recognition Software

Talman – February 2020

• Australian wool sales stopped by ransomware attack – Software maker Talman hit by attackers

Samsung – February 2020

• Mystery notification may not have been as innocent as company first claimed

MGM – February 2020

• MGM data breach exposed personal details of 10.6 million hotel guests – If you’ve stayed at an MGM Resorts hotel, you may be among victims of the latest massive data breach.
• MGM Resorts sued over data breach
• CES Attendees Data Hacked MGM Resorts Compromised

Slickwraps – February 2020

• Slickwraps hit by customer data breach – Phone accessory firm ignored multiple warnings from security researcher

Smartwatch – February 2020

• Smartwatch apps let parents keep track of kids, but data breaches mean strangers can watch them

Toll – February 2020

• Toll held to ransom as cyber attack stalls deliveries
• Toll Group confirms “targeted” ransomware attack
• Toll Group hit by “new variant” of Mailto ransomware
• Toll Group tight-lipped on alleged ransomware attack
• Toll Group shuts IT systems after ‘cyber security incident’
• ACSC gets to grips with Mailto threat after Toll Group infection – Releases hash of ransomware “from this incident”

Yarra Trams – February 2020

• Yarra Trams data breach: Commuters’ email addresses exposed

Perth Mint – January 2020

• Perth Mint visitor data stolen after feedback survey company hacked

Microsoft – January 2020

• Microsoft customer support database exposed online
• How To Protect Yourself In Microsoft’s Recent Data Breach

LabCorp – January 2020

• LabCorp security lapse exposed thousands of medical documents

I.M.L. SLU, the parent company of ImLive and PussyCash – January 2020

• Porn site data breach leaks thousands of cam models’ personal details
• Porn stars exposed in data leak
• Exclusive: Australians involved in online pornography data breach

P&N Bank – January 2020

• WA’s P&N Bank hit by data breach – “Non-sensitive” data from CRM accessed

Travelex – January 2020

• Travelex website was hit by Sodinokibi ransomware – Foreign currency firm facing demand to release its systems

Amazon – January 2020

• Amazon Employees Leak Customer Data To Third-Party Agent (Again)

Wyze – January 2020

• How To Protect Your Wyze Account After The Recent Data Breach – A recent security breach has leaked the information of over 2.4 million Wyze security camera users. The compromised database was left unsecured and publically accessible, and it appears that the information was being collected and stored by the Alibaba cloud computing company in China.

Plenty of Fish (PoF) – December 2019

• Plenty of Fish leaks private user information – Users have private information freely displayed on their dating profiles

Primus Realty – December 2019

• Credit card and other details of Perth rental applicants may have been public for 21 months

Amazon Ring – December 2019

• Amazon Ring cameras keep getting hacked. Here’s how to protect your Ring against hackers

Vistaprint – December 2019

• 800 Australians in Vistaprint data breach – Web-to-print giant Vistaprint has discovered around 800 of its Australian customers were on the online data breach first revealed in an Australia-exclusive by Print21 last week, and at the time thought to not include any local customers.

Monash IVF Group – December 2019

• Fears over patient data breach after cyberattack on Monash IVF – One of Australia’s largest IVF providers has warned patients that it could not rule out the possibility their personal information may have been breached following a widespread cyberattack on staff emails last month.

ANU – November 2019

• ANU students forced to re-sit exam after data leak

Nord VPN Breach – November 2019

• What’s the truth about the NordVPN breach? Here’s what we now know.  Exactly what happened is a complex story…

AIS, Sport Australia – November 2019

• AIS, Sport Australia investigate potential data breach – The AIS and Sport Australia are investigating a potential breach of an agency email account after it was hacked last week.

ZoneAlarm – November 2019

• Personal details of 4,500 forum subscribers were obtained by hackers

Monash IVF Group – November 2019

• Monash IVF patients receive bogus emails after ‘malicious cyber attack’ on fertility company

NSW Labor Headquarters – November 2019

• NSW Labor Headquarters Reported For possible Data Breach – The NSW Labor party could be dragged into the troubles of an embattled Sydney mayor after he was accused of breaching data privacy laws and misusing the electoral roll.

Adobe – October 2019

• 7.5 Million Adobe Accounts Exposed By Security Blunder

GET – October 2019

• Tech start-up apologises to students after potential data breach

Google – October 2019

• ACCC Go After Google Claiming Data Breach

Optus – October 2019

• Thousands of Optus mobile numbers mistakenly published in White Pages

Sydney IT Contractor – October 2019

• Sydney IT contractorcould face jail over data breaches affecting 270,000 people
• ‘Trusted inside access’ – Sydney IT contractor arrested over Landmark White data breach
• Contractor charged over Sydney data breach

Victorian Hospitals – October 2019

• Surgeries delayed and patient security fears after cyber attack on Victorian hospitals
• Multiple Victorian hospitals hacked in suspected ransomware attack

Zynga – October 2019

• Social games company Zynga reveals data breach – Zynga has disclosed a data breach that may have compromised millions of account login details for its popular Words With Friends and Draw Something games.
• Words With Friends Data Allegedly Stolen In Breach That Could Affect 218 Million Users

DoorDash – September 2019

• UberEats competitor DoorDash suffers data breach, exposing details of five million customers
• DoorDash security breach affects nearly 5 million users

Get – September 2019

• ‘Alarming’ Data Breach Exposes 50,000 Students In Ticketing Website Bungle
• Get data breach leaves 50,000 students vulnerable
• Data breach suffered by online service used by SASS, SciSoc, St John’s College

TGI Fridays – September 2019

• TGI Fridays admits to exposing customer data, as Aussie breaches spike
• TGI Fridays Australia data breach highlights concern

Web.com – August 2019

• Web.com, Register.com and Network Solutions all suffered a data breach in August

Imperva – August 2019

• Imperva discloses data breach affecting some firewall users

PAY ID – August 2019

• Personal banking information at risk following fresh data breach
• Banks told to tighten security after payments data breach
• PayID in new breach affecting customers at big four banks
• Aussie banks warn customers after fresh PayID data breach
• PayID breach sees customers’ banking information hacked – Tens of thousands of customers’ personal banking details are at risk after scammers broke into a new payment database.

BUPA – Sonic HealthPlus (SHP) – August 2019

• Sensitive personal data of hundreds of visa applicants accidentally leaked in email mishap – The personal health information of 317 people applying for Australian visas was accidentally emailed to a member of the general public, an ABC investigation has revealed.

Myki – August 2019

• Watchdog slams Public Transport Victoria for Myki data breach
• Botched myki data release breached privacy laws
• ‘Shocking’ myki privacy breach for millions of users in data release
• Myki data leak put privacy at risk: report

TAFE NSW – August 2019

• Exclusive: TAFE NSW staff details stolen after computer systems allegedly hacked

Cloud Union – New Zealand – August 2019

• Ecommerce service exposed passports, ID details of users – S3 bucket included details of individuals included in the Dow Jones Watchlist

Air New Zealand – August 2019

• Air New Zealand staffer falls for phishing attack – Customer info stolen two weeks after airline praised for data privacy.

Neoclinical – August 2019

• Thousands of medical histories exposed in data breach

Sephora – July 2019

• Sephora in damage control after Aussies’ data leaked
• Sephora: “some customers may have been exposed”

AAMC Loss Assessor – July 2019

• Motor loss assessing firm AAMC has alerted insurers after an unauthorised cyber breach affected part of its systems.

NAB – July 2019

• NAB reveals 13,000-person data breach at 6PM Friday – Dataset uploaded to the servers of two service providers.
• NAB admits thousands had personal data breached, blaming ‘human error’

Equifax – July 2019

• Equifax hit with major pay out for data breach settlement

MYOB – July 2019

• MYOB in payslip privacy bungle – Blamed on cloud system “glitch”
• Australian workers’ salaries exposed after MYOB glitch

Commonwealth Bank – July 2019

• Comm Bank slapped over failed security – Missing bank statements cause concern about customer privacy

British Airways – July 2019

• British Airways faces record-breaking fine over data breach
• British Airways faces record $329m fine over data breach – Punished under GDPR
• BA to contest data breach fine

Queensland Health – July 2019

• Queensland Health launches investigation after medical files found on busy Brisbane road

MEGT & Ability English – July 2019

• Education services provider confirms data breach – Student information system provider left data in open S3 bucket

Insurance House – June 2019

• Cyber attack impacts Insurance House
• Insurance House wrestles with cyber attack aftermath
• Cyber crooks ‘demanded ransom’ from ProRisk
• We don’t pay ransoms

GeelongPort – June 2019

• GeelongPort has been the subject of a cyber attack, resulting in a data breach of its electronically stored information such as visitor induction names and driver licences.

Nagle Catholic College WA – June 2019

• Parents’ financial details stolen in cyber attack on Geraldton Catholic school
• Geraldton’s Nagle Catholic College swept up in cyber attack targeting parent banking details
• Nagle Catholic College parents targeted in cyber attack on Geraldton high school

Specsavers Qld – June 2019

• Specsavers says Qld customers’ private medical information may have been compromised

Symantec – June 2019

• Symantec breach revealed client list, passwords: report

Australian Catholic University – June 2019

• Staff details stolen in fresh data breach
• ACU discloses data breach
• Phishers hit ACU, compromised systems
• ACU systems compromised and details stolen after cyber breach
• Attackers use phishing to gain access to ACU staff data

Revenue NSW – June 2019

• Privacy fears for Illawarra drivers as NSW govt data breach referred to ICAC Illawarra drivers may have had their private details leaked to the media as part of a “political smear campaign”
• NSW Labor refers alleged data leak to ICAC

Australian National University – June 2019

• China ‘behind’ huge ANU hack amid fears government employees could be compromised
• ANU breach a risk for security officials as China becomes key suspect
• Almost 20 years of personal data was stolen from ANU. It could show up on the dark web
• 19 years’ worth of personal data stolen from ANU – It could be sold on the dark web

Microsoft – May 2019

• Patch now against wormable ‘BlueKeep’ remote desktop flaw: ACSC – Spectre of another WannaCry-style epidemic raised

Princess Polly – May 2019

• Aussie fashion e-tailer Princess Polly suffers data breach – Card info may have been captured as it was entered into site

Canva – May 2019

• Canva under cyber-attack, with reportedly as many as 139 million users affected
• Aussie Canva Hit By Massive Data Breach: User Details Stolen
• Canva criticised after data breach exposed 139m user details
• “Marketing fluff”: What startups can learn from Canva’s data-breach response

Instagram – May 2019

• Instagram hit by two privacy breaches in a week – The Facebook-owned company fails it users.
• Instagram users’ data exposed to hackers
• Instagram has a MAJOR personal data breach 50 million users have had their personal details shared
• Perth socialite Melissa Graham held to ransom after Instagram privacy breach

CCH software – May 2019

• Wolters Kluwer takes down cloud services after malware infection – Impacts Australian users of CCH software

Binance – May 2019

• Binance hackers shift stolen bitcoin, identity still unclear: researchers – Funds now sitting in several digital wallets

Twitter – May 2019

• Twitter accidentally shares user location data with advertising partner | Through Apple devices

WhatsApp – May 2019

• WhatsApp flaw allowed spyware injection via calls | Pegasus comes calling whether you answer or not
• WhatsApp urges upgrade after ‘serious’ security breach allowed hackers to put spyware on phones
• WhatsApp major security flaw could let hackers access phones
• WhatsApp patches flaw after spyware revelation
• WhatsApp security breach likely a government surveillance attack, company says

WPA3 Dragonfly – April 2019

• New wi-fi security standard broken already | Implementations not done properly

Wipro – April 2019

• Wipro hacked, internal systems used to attack customers: report Months-long intrusion
• Wipro confirms breach, says customers are ‘anxious’
• Connectwise CEO defends security stance after Wipro breach

Speedrun.com – April 2019

• Major Speedrunning Hub Forced To Roll Back Rankings After Security Breach

Australia Post – March 2019

• AusPost’s Bill Scanner caught up in Gmail privacy sweep – Works with Google to ensure API permissions aren’t revoked

ASUS – March 2019

• ASUS users targeted in large supply chain attack – Users infected via software update utility
• ASUS releases fix after ShadowHammer malware attack – But some users unable to update to non-backdoored software

Bank of Queensland – March 2019

• Bank warns of reported third-party data breach – The Bank of Queensland has announced that it has been made aware of a personal data breach by a third party provider

Kathmandu – March 2019

• Credit cards cancelled as Kathmandu reveals online store hacked – month-long breach during peak discount period
• Kathmandu hit by hackers
• Credit cards cancelled as Kathmandu reveals online store hacked
• Kathmandu flags suspected data breach
• Data breaches have possibility to ruin customer relationships

Citrix – March 2019

• Citrix investigates major security breach – resecurity says it believes at least 6TB of data was downloaded
• Citrix hackers stole employee, financial data

Melbourne Hospital – February 2019

• A cyber crime syndicate accessed the medical files of 15,000 patients at Melbourne Heart Group at Melbourne’s Cabrini Hospital
• ‘The crooks are ahead’: Cabrini breach a warning for Australia
• Melbourne heart clinic hit by ransomware attack

CoffeeMeetsBagel – February 2019

• Dating site Coffee MeetsBagel warns Aussie users of data breach on Valentines Day
• ‘Coffee Meets Bagel’ Dating Site Hit by Data Breach

9Honey – February 2019

• Dating app suffers data breach

Toyota Australia – February 2019

• Toyota Australia hit by cyber attack – takes down email and other systems
• Cyber Ransom Attacks On The Rise, Toyota Australia has confirmed it has been subject to an attempted cyber attack
• Millions of customers’ data accessed in second Toyota hack – Tokyo sales subsidiaries raided
• Toyota Australia hit by cyber attack

AMP – February 2019

• Chinese AMP contractor pleads guilty to data breach

LandMark White – February 2019

• Australian bank customers caught in valuation firm data breach | Caused by undisclosed ‘security vulnerability’
• Home loan details of 100,000 customers hacked in major data breach
• LandMark White blames exposed API for data breach – ANZ confirms it has suspended use of the property valuer
• Valuation firm hit by data breach LandMark White pleads for long share suspension
• Embattled LandMark White shares drop 10.6 pc after data breach
• NAB pulls plug on LandMark White as home loan breach scandal grows
• LandMark White blames ill-informed public commentary on its dark web data breach for further ASX share suspension
• Centrelink keeps LandmarkWhite, says data breach hit ‘very small’ client group
• LandMark White counts cost of data breach – LandMark White still unsure of financial impact
• LandmarkWhite knew of IT weakness in 2017, a year before data breach
• Landmark White’s stolen data re-appears on dark web
• Landmark White data disaster claims CEO scalp
• LandmarkWhite faces regulator scrutiny over IT response, disclosure
• LandMark White CEO exits after data breach – two directors step down from board
• CBA assures itself of LandMark White’s post-breach infosec
• LandMark White’s data breach just the beginning for cyber criminals

Department of Parliamentary Services – February 2019

• Security breach strikes parliament’s IT network – all passwords reset
• Political party networks caught up in parliament’s IT breach – but no evidence of electoral interference
• The cyber attack on Parliament was done by a ‘state actor’ 
• Citrix | Australian parliament hackers gain remote access

Bunnings – February 2019

• Bunnings exposed staff performance database – individual staffer did unwanted homework

Facebook – January 2019

• Apple Shuts Down Facebook Data Collecting App – Since 2016, Facebook has been asking users to install a “Facebook Research” VPN that lets the company monitor their phone and online activity, according to Tech Crunch
• Apple punishes Facebook over app that paid users to hand over data
• The Apple-Facebook Feud Hits a Breaking Point
• Facebook stored millions of user passwords in plain text – hundreds of millions of users to be notified
• Facebook says up to 111,813 Aussies in last year’s security breach
• Facebook’s lax security has left millions of users with a lot to worry about
• Facebook staff had access to millions of users’ passwords in plain text, violating security practices

Global Hacking Scare – January 2019

• Global hacking scare nets Queensland MP, Surf Life Saving as millions of passwords breached – websites belonging to Queensland’s Deputy Opposition Leader, a real estate business and Surf Life Saving Australia are among thousands of pages caught up in the latest international data breach

SkoolBag – January 2019

• MOQdigital’s education software platform SkoolBag caught in global data breach

Optus – January 2019

• ‘Mistakenly’ Publishes Private Numbers Online And In White Pages

Collection #1 – January 2019

• Breach Exposes a Record 773 Million Email Addresses – The massive trove of leaked data, which was posted to a hacking forum, also includes 21,222,975 unique passwords.
• Experts comment on record 772mil-user data breach – Cybersecurity expert and founder of website Have I Been Pwned Troy Hunt broke the news recently that the largest ever database of breached login details have been leaked on the dark web.
• Data leak – Collection #1 is the just the beginning
• Cyber watchdog warns on dark web PS data – The Australian Cyber Security Centre (ACSC) has urged organisations and individuals across the Australian Public Service to check if their email addresses and/or passwords are included on recently released lists of stolen data.

Fisheries Queensland – January 2019

• Fisheries Qld blames bad update for password ‘fault – allowed fisherman to get into any account.

First National Real Estate – January 2019

• Job applicant data exposed online CVs and cover letters published
• Real estate industry provider exposes data
• Data breach exposes personal info of jobseekers

Department of Planning and Environment, NSW Major Projects – January 2019

• Fury over privacy ‘breach’. FURIOUS Tweed Valley Hospital site protesters say their privacy has been breached after a State Government body allegedly published their personal details online without permission.

Victorian Government – January 2019

•  Vic Govt employee directory accessed by unauthorised party impacts about 30,000 staff

Marriott Hotel Group / Starwood – January 2019

• Marriott Unsure How Many Hundreds Of Millions Of Guests Got Screwed By Data Breach
• Starwood hack exposed 5.25m unencrypted passport numbers
• Marriott CEO apologises for data breach, vows improvements

Early Warning Network – January 2019

• Emergency text and email service hacked, thousands receive warning messages about their personal data.

Big W – January 2019

• Customer data leaked due to printer repair mishap

Hawthorn Football Club – January 2019

• Hawks warn members of security threat

Nova Entertainment – January 2019

• Nova notifies listeners of data breach – Nova Entertainment has admitted that listeners’ data from the period of May 2009 to October 2011 has been “publicly disclosed”.
• Nova admits to huge data breach

My Health Records – January 2019

• Critics want My Health Record delayed again after recording 42 data breaches this year.
• My Health Record system data reaches rise
• As My Health Record opt-out ends, security concerns continue

Victorian Public Servants – January 2019

• Victorian Public Servants hit by massive data theft – The work details of 30,000 of Victorian public servants were stolen from a government directory in a data breach just days before Christmas.

Commonwealth Bank – December 2018

• Commonwealth Bank customers’ medical data exposed in potential privacy breach – The Commonwealth Bank is urgently investigating a potential data breach that may have given its staff access to customers’ sensitive medical information.

Humble Bundle – December 2018

•  Humble Bundle Falls Victim To ‘Very Limited’ Data Breach [Updated] 

News Corp – December 2018

• News Corp’s email bungle a harsh lesson in data privacy

Marriott’s Hotels – December 2018

• Massive data breach at Marriott’s hotels exposes private data of 500,000 guests – A massive data breach has exposed the private data, including passport and credit card numbers, of half a million guests of the international hotel chain.
• Credit card info and passport details of 500 million Marriott guests stolen in mammoth data breach

Dell – November 2018

• Dell resets dell.com passwords after finding likely data breach – Computer manufacturer Dell has reset all passwords for accounts on its dell.com site, after it became aware on 9 November that an attempt to exfiltrate data was taking place.

Victoria’s Emergency Services – November 2018

• ‘Appalling’ emergency services data breach to be investigated – The state government will launch an immediate investigation into an “appalling”  data breach that saw personal details of emergency services staff posted to the web.

Amazon – November 2018

• Amazon suffers data breach, but says little about it –Amazon delivered a nasty surprise on one of its busiest days of the year today after discovering it had “inadvertently” leaked customers’ personal information.
• Amazon suffers customer data breach hours before Black Friday
• Amazon is getting slammed for a confusing email telling some customers they don’t need to change their password after a data leak
• Amazon Is Offering Gift Cards To Customers Who Complain About Its Data Breach

PageUp People – November 2018 Update

• No evidence’ data stolen in compromise

Federal Group Hotel – November 2018

• Contact databases hit by ‘low risk’ data breach – A Tasmanian luxury hotel and casino group has told some guests their personal information may have been accessed by a third party after a “low risk” data breach saw contact databases affected.
• Data breach hits luxury hotels in Tasmania, with guest details at risk of theft by ‘third party’.

Under Armour’s MyFitnessPal App – November 2018

• Under Armour says 4 million Aussie accounts in data breach – 150 million impacted worldwide

Austal – October 2018

• Extortionists target Aussie defence shipbuilder after cyber security breach
  Australia’s biggest defence exporter has been targeted by extortionists who launched a successful cyber attack to breach the company’s data management systems.
• Shipbuilder’s information accessed and offered for sale.

Facebook – September 2018

• Security breach affects 50 million users – company logs off 90 million accounts as a precaution.
• Everything we know about Facebook’s data breach
• Forbes coverage of Facebooks massive data breach
• Facebook trims data breach to 29m users
• Facebook says it will message users affected following the theft of data from 29 million accounts to tell them what type of information has been accessed.

Perth Mint – September 2018

• Perth Mint revises data breach impact – thousands of customers now affected.

RCR Tomlinson Engineering – August 2018

• RCR Tomlinson sat on staff data breach for three months.

Strathmore Secondary College – August 2018

• Probe into Melb high school privacy breach – The education department is investigating a privacy breach resulting in the accidental publication of Melbourne high school students’ personal records.

Airport Security Identity Cards (ASICs) – July 2018

• Airport security card company reveals data hack as AFP investigates.

MY Health Record – July 2018

• Could be our worst government data breach yet.
• My Health record data breach.
• Privacy Commissioner poised to release delayed data breach report but My Health Record adopts a different definition

Townsville City Council [Typeform] –  July 2018

• Online system used by Townsville City Council hacked exposing public’s personal details.  HACKERS may have obtained the personal details who entered an art competition run by Townsville City Council. The council confirmed it had been notified about a security breach on Typeform, a company it uses.

Timehop App – July 2018

• Social media memories app Timehop got hit by a data breach affecting 21 million users.
• Security Brief’s article on the Timehop hack
• PC Authority’s coverage on the Timehop data breach

Cairns council hit by data breach [Typeform] | July 2018

• Cairns Regional Council has confirmed two of its online surveys were impacted by data security breaches
• Cairns Council Apologies After Hackers Breach Forms

PEXA – National e-conveyancing platform – July 2018

• PEXA account compromise sees family lose home sale funds – Security team scanning logs for same pattern.

Australian National University – July 2018

• ANU network ‘significantly compromised’ by hackers – University has spent ‘months’ containing threat
  
• Chinese Hackers Breach ANU

Airtasker – July 2018

• Airtasker caught up in Typeform data breach – Jobs marketplace Airtasker has revealed a “small amount” of data it collected through web forms may have been compromised in the Typeform breach

Bakers Delight – July 2018

• Bakers Delight warns comp entrants after Typeform breach – latest Australian company to notify customers of potential exposure to the Typeform data breach.

Tasmanian Electoral Commission – July 2018

• Tasmanian voters caught in data breach – Express vote applicants impacted

Ticketmaster – June 2018

• Ticketmaster Australia admits customer details may have been stolen in hack.
• Musicfeeds Article
• Sydney Morning Herald Article

HealthEngine – June 2018

• HealthEngine reveals data breach – Patient feedback information ‘may’ have been accessed

Flightradar24 – June 2018

• Flightradar24 suffers security breach – Attackers hit single server – Popular flight tracking site Flightradar24 has suffered a security breach that “may” have compromised the email addresses and hashed passwords

PageUp People – June 2018

• PageUp People all but confirms personal data ‘accessed’ – Widely-used Australian cloud HR vendor

MyHeritage – June 2018

• MyHeritage breach leaks 92 million users’ details – A security breach at family networking and genealogy website leaked email addresses and hashed passwords of users

Family Planning NSW – May 2018

• Family Planning NSW hit by ransomware attack – may have compromised online databases.

Svitzer Australia – March 2018

• First data breach publicised under Australian notice scheme – Svizter reveals email leak

GoGet – January 2018

• GoGet reveals data breach as police arrest alleged hacker – Car Sharing Service – Customer data accessed