Home NewsKott Gunning’s Cyber Threat Register

Kott Gunning’s Cyber Threat Register

Kott Gunning has prepared the below #cyberthreatregister, to help businesses stay informed about data breaches and cyber incidents in 2018.

Cyber Threat Register

DATE INCIDENT SUMMARY
March Svitzer – hack/data breach Svitzer, a shipping company, has reported that over 50,000 emails had been forwarded to a third-party, with potential lost details including tax file numbers and superannuation account numbers. This was one of the first incidents reported under the mandatory data breach reporting laws that took effect in February.
April Facebook / Cambridge Analytica – data disclosure / harvesting An estimated 87,000,000 Facebook users have had their data harvested by third-party Cambridge Analytica through online surveys.
May Commonwealth Bank – potential data loss/disclosure The CBA has confirmed it may have lost two data tapes containing financial statements of nearly 20,000,000 customers. The tapes were meant to be destroyed. However, the CBA did not receive the requisite proof of destruction document, so the tapes could be out there somewhere.
May PageUp – hack/data breach/malware PageUp, an online HR software platform, has admitted that malicious code was executed on their systems. The extent of the breach is unclear, however data may have been accessed including bank details and tax file numbers!
April/May Family Planning NSW – hack/data breach Hackers have accessed Family Planning NSW’s database, potentially stealing up to 8,000 people’s personal information. The hackers reportedly demanded a $15,000 ransom.
June Ticketmaster – hack/malware/data breach Ticketmaster has reported that malware has resulted in a data breach with potential theft of customer details including names, email addresses, login details, and payment information.
July HealthEngine – accidental data disclosure HealthEngine, a medical appointment booking website, has admitted to a data breach. The breach involved users’ identifying information being accessible to anyone after leaving a review.
July Tasmanian Electoral Commission (TEC) / Typeform – hack/data breach The TEC has reported that Typeform had been hacked, with voter details accessed (including name, date of birth, and email address information). Typeform is a third-party company that collects data for the TEC.
July Apple – employee theft /data disclosure An Apple employee is alleged to have downloaded internal commercial data and attempted to take them to China. The data included the blueprint for a self-driving car circuit board.
July US military – hack/data breach US military documents have been stolen after a hacker accessed an Air Force captain’s router. The breach includes sensitive documents about US military drones.
July Aviation ID Australia – hack/data breach Aviation ID Australia has been hacked, admitting that a “localised portion” of their website had been accessed and they were unable to confirm what information had been accessed. The company issues Aviation Security Identity Cards, which allow access to secure areas of airports.
July Singapore government  – hack 1,500,000 patients of Singapore Health Services have had their personal data stolen, including names, addresses, and dates of birth. Singapore’s Prime Minister is one of those affected. A timely reminder of the insecurity of the internet with Australia’s new online My Health Record!
August Banks internationally – potential hack The FBI is warning that cyber criminals are targeting banks with cloned cards and hacked payment processors to withdraw money from ATMs.

If you have any questions or concerns regarding your business’s risk exposure or need legal advice following a hack – contact our cyber, data protection and reputational risk team Daniel Coster, Stephen Williams and Tom Darbyshire on 08 9321 3755.

Related cyber risk articles –

EU General Data Protection Regulation What you need to know BRIEF AUGUST 2018

CYBER LIABILITY INSURANCE – INSURING THE INTANGIBLE

DEFENCE CONTRACTOR HACKED – #CYBERATTACK RISK

LOST IN CYBER SPACE – “DANGER, WILL ROBINSON!”

404 ERROR: CYBER SECURITY FOR BUSINESS

COMMONWEALTH BANK DATA SECURITY BREACH – BECAUSE THE BANKING ROYAL COMMISSION WAS NOT EMBARRASSING ENOUGH