AUSTRALIAN DATA BREACHES FOR Q2 2021

Written By Noreen Tenorio

The Office of the Australian Information Commissioner (OAIC) periodically publishes statistical information about notifications received under the Notifiable Data Breaches (NDB) scheme to raise public awareness. The below  are the key finding under the NDB scheme for the period from 1 July to 31 December 2020 and is current as of 2021.

  • 539 breaches were notified under the scheme, an increase of 5% from the 512 notifications received from January to June 2020.

  • Malicious or criminal attacks (including cyber incidents) remain the leading source of data breaches, accounting for 58% of notifications.

  • Data breaches resulting from human error accounted for 38% of notifications, up 18% from 173 notifications to 204.

  • The health sector remains the highest reporting industry sector, notifying 23% of all breaches, followed by finance, which notified 15% of all breaches.

  • The Australian Government entered the top 5 industry sectors to notify data breaches for the first time, notifying 6% of all breaches.

  • 68% of data breaches affected 100 individuals or fewer.

  • 78% of entities notified the OAIC within 30 days of becoming aware of an incident that was subsequently assessed to be an eligible data breach.

LION AUSTRALIA - RANSOMWARE - JUNE 2021

The Australia-based beverage giant behind beer brands Little Creatures, XXXX, Tooheys and James Squire has been hit by a second ransome attack after its manufacturing and IT systems were crippled by hackers demanding a ransom of reportedly $1 million in the week of June 10.

Lion Australia, which is also behind dairy brands Dairy Farmers and Pura, told employees during an all-staff meeting that it had been hit by a second cyber attack that had further disrupted its IT systems.

NSW HEALTH - DATA BREACH - JUNE 2021

NSW Government’s advised in early 2021, a world-wide cyber-attack that included NSW Government agencies. NSW Health is notifying people whose data may have been accessed in the global Accellion cyber-attack.

NSW Health has warned that “health-related personal information” and “identity information” is among the data accessed by attackers involved in the compromise of Accellion file transfer software.

JBS FOOD - RANSOMWARE - MAY 2021

The world's largest meat processing company, JBS Foods, has fallen victim to cyber attacks that have shut down production around the world, including in Australia. JBS USA has confirmed the company was targeted by an organised ransomware attack, which has paralysed its operations in North America and Australia.

Global meat processing company JBS Foods has since confirmed that it paid the equivalent of $US11 million ($14.2 million) to a criminal gang to end a five-day cyber attack that halted its operations around the world, including Australia.

UNITINGCARE QLD - RANSOMWARE - APRIL 2021

UnitingCare Queensland, a provider of hospital and aged care services, said some of its digital and technology systems were rendered “inaccessible” by a cyber attack on Sunday the 25th of April. Hospitals run by UnitingCare Queensland include The Wesley Hospital and St Andrews War Memorial Hospital, both in Brisbane, St Stephen's Hospital in Hervey Bay, and Buderim Private Hospital on the Sunshine Coast.

Hackers claiming responsibility for the attack on health and community care provider UnitingCare Queensland have been revealed as one of the most notorious cyber ransom gangs in the world, REvil/Sodin.

TPG TELECOM - DATA BREACH - APRIL 2021

TPG Telecom has confirmed that data freely available to download on the dark web belongs to one of its customers, following a cyber security breach of TPG’s servers in April.

The 5 gigabyte download, available at no charge on at least one dark web site, comes from one of the customers of TPG’s TrustedCloud service, a cloud-hosting service which the company was already in the process of decommissioning when it was hacked on April 25.

NAB - DATA BREACH - APRIL 2021

National Australia Bank has revealed it paid $686,878 in compensation to customers exposed in a 2019 data breach after the personal account details of more than 10,000 customers were uploaded to a website similar to Google Sheets.

Customer names, date of birth, contact information and government-issued ID numbers were all uploaded to a pair of third-party data companies, by a staff member responsible for the unauthorised data exfiltration.

CHANNEL 9 - RANSOMWARE - LATE MARCH 2021

Channel Nine suffered the largest cyber attack on a media company in Australia’s history. The cyber attack, reported by Channel Nine as a variation of a ransomware attack, struck early Sunday morning, resulting in television and digital production systems being offline for more than 24 hours. The attack impaired Channel Nine’s ability to broadcast from its Sydney studios, forcing the media outlet to shift operations to its Melbourne studios.

To read more on Australian Data Breaches for Q1 2021 click here.

Noreen Tenorio
Previous

CONSTRUCTION GIANT GAINS COMPETITIVE EDGE WITH ZERO-TRUST APPROACH TO SECURITY
Next

THREAT PROTECTION - AN ADVANCED SECURITY SOLUTION