Kott Gunning has prepared the below cyber threat register, to help businesses stay informed about data breaches and cyber incidents in 2018.
Cyber Threat Register
|March||Svitzer – hack/data breach||Svitzer, a shipping company, has reported that over 50,000 emails had been forwarded to a third-party, with potential lost details including tax file numbers and superannuation account numbers. This was one of the first incidents reported under the mandatory data breach reporting laws that took effect in February.|
|April||Facebook / Cambridge Analytica – data disclosure / harvesting||An estimated 87,000,000 Facebook users have had their data harvested by third-party Cambridge Analytica through online surveys.|
|May||Commonwealth Bank – potential data loss/disclosure||The CBA has confirmed it may have lost two data tapes containing financial statements of nearly 20,000,000 customers. The tapes were meant to be destroyed. However, the CBA did not receive the requisite proof of destruction document, so the tapes could be out there somewhere.|
|May||PageUp – hack/data breach/malware||PageUp, an online HR software platform, has admitted that malicious code was executed on their systems. The extent of the breach is unclear, however data may have been accessed including bank details and tax file numbers!|
|April/May||Family Planning NSW – hack/data breach||Hackers have accessed Family Planning NSW’s database, potentially stealing up to 8,000 people’s personal information. The hackers reportedly demanded a $15,000 ransom.|
|June||Ticketmaster – hack/malware/data breach||Ticketmaster has reported that malware has resulted in a data breach with potential theft of customer details including names, email addresses, login details, and payment information.|
|July||HealthEngine – accidental data disclosure||HealthEngine, a medical appointment booking website, has admitted to a data breach. The breach involved users’ identifying information being accessible to anyone after leaving a review.|
|July||Tasmanian Electoral Commission (TEC) / Typeform – hack/data breach||The TEC has reported that Typeform had been hacked, with voter details accessed (including name, date of birth, and email address information). Typeform is a third-party company that collects data for the TEC.|
|July||Apple – employee theft /data disclosure||An Apple employee is alleged to have downloaded internal commercial data and attempted to take them to China. The data included the blueprint for a self-driving car circuit board.|
|July||US military – hack/data breach||US military documents have been stolen after a hacker accessed an Air Force captain’s router. The breach includes sensitive documents about US military drones.|
|July||Aviation ID Australia – hack/data breach||Aviation ID Australia has been hacked, admitting that a “localised portion” of their website had been accessed and they were unable to confirm what information had been accessed. The company issues Aviation Security Identity Cards, which allow access to secure areas of airports.|
If you have any questions or concerns regarding your business’s risk exposure or need legal advice following a hack – contact our cyber, data protection and reputational risk team Daniel Coster, Stephen Williams and Tom Darbyshire on 08 9321 3755.
Related cyber risk articles –