Kott Gunning has prepared the below #cyberthreatregister, to help businesses stay informed about data breaches and cyber incidents in 2018.
Cyber Threat Register
|March||Svitzer – hack/data breach||Svitzer, a shipping company, has reported that over 50,000 emails had been forwarded to a third-party, with potential lost details including tax file numbers and superannuation account numbers. This was one of the first incidents reported under the mandatory data breach reporting laws that took effect in February.|
|April||Facebook / Cambridge Analytica – data disclosure / harvesting||An estimated 87,000,000 Facebook users have had their data harvested by third-party Cambridge Analytica through online surveys.|
|May||Commonwealth Bank – potential data loss/disclosure||The CBA has confirmed it may have lost two data tapes containing financial statements of nearly 20,000,000 customers. The tapes were meant to be destroyed. However, the CBA did not receive the requisite proof of destruction document, so the tapes could be out there somewhere.|
|May||PageUp – hack/data breach/malware||PageUp, an online HR software platform, has admitted that malicious code was executed on their systems. The extent of the breach is unclear, however data may have been accessed including bank details and tax file numbers!|
|April/May||Family Planning NSW – hack/data breach||Hackers have accessed Family Planning NSW’s database, potentially stealing up to 8,000 people’s personal information. The hackers reportedly demanded a $15,000 ransom.|
|June||Ticketmaster – hack/malware/data breach||Ticketmaster has reported that malware has resulted in a data breach with potential theft of customer details including names, email addresses, login details, and payment information.|
|July||HealthEngine – accidental data disclosure||HealthEngine, a medical appointment booking website, has admitted to a data breach. The breach involved users’ identifying information being accessible to anyone after leaving a review.|
|July||Tasmanian Electoral Commission (TEC) / Typeform – hack/data breach||The TEC has reported that Typeform had been hacked, with voter details accessed (including name, date of birth, and email address information). Typeform is a third-party company that collects data for the TEC.|
|July||Apple – employee theft /data disclosure||An Apple employee is alleged to have downloaded internal commercial data and attempted to take them to China. The data included the blueprint for a self-driving car circuit board.|
|July||US military – hack/data breach||US military documents have been stolen after a hacker accessed an Air Force captain’s router. The breach includes sensitive documents about US military drones.|
|July||Aviation ID Australia – hack/data breach||Aviation ID Australia has been hacked, admitting that a “localised portion” of their website had been accessed and they were unable to confirm what information had been accessed. The company issues Aviation Security Identity Cards, which allow access to secure areas of airports.|
|July||Singapore government – hack||1,500,000 patients of Singapore Health Services have had their personal data stolen, including names, addresses, and dates of birth. Singapore’s Prime Minister is one of those affected. A timely reminder of the insecurity of the internet with Australia’s new online My Health Record!
|August||Banks internationally – potential hack||The FBI is warning that cyber criminals are targeting banks with cloned cards and hacked payment processors to withdraw money from ATMs.
|October||Cathay Pacific – Data Breach||The passport numbers, identity card numbers, frequent flyer program membership numbers, customer service remarks and historical travel information of up to 9,400,000 passengers have been stolen after the airlines IT systems were hacked. The combination of personal information stolen is particularly concerning to the extent that the airline has had to recommend that all passengers monitor their accounts for suspicious activity.|
|November||Austal – Data Breach||Defence shipbuilder Austal’s business was hit with a data breach and extortion attempt.
Some staff email addresses and mobile phone numbers were accessed in the breach. The attacker tried to sell certain materials on the internet and engage in extortion.
If you have any questions or concerns regarding your business’s risk exposure or need legal advice following a hack – contact our cyber, data protection and reputational risk team Tim Kennedy, Stephen Williams and Tom Darbyshire on 08 9321 3755.
Related cyber risk articles –