Data Breaches 2022 in Australia

University of Western Australia – August 2022

• Student details, photos exposed in University of WA data breach
• University of Western Australia Student Details Exposed in Data Breach
• University of Western Australia Confirms Student Details Exposed in Data Breach

Uber – July 2022

• Uber confesses it covered up a huge data breach | Confession comes as part of DoJ settlement
• Uber settles with DOJ for failing to disclose breach that exposed 57 million users’ data

Perth Festival, Black Swan State Theatre Company – July 2022

• Perth Festival, Black Swan Theatre and other arts organisations hit by major data breach

Victorian Government – July 2022

• Students, travellers and staff exposed as Hotel Quarantine data breach revealed

Woolworths – July 2022

• Woolworths denies data breach after outraged shoppers claim Everyday Rewards hacked

Marriott – July 2022

• Marriott suffers yet another data breach

Mangatoon – July 2022

• Millions of comic book fans have data leaked after Mangatoon breach

China Police – July 2022

• Private information of more than 100 Australians exposed amid huge China police data leak

Deakin University – July 2022

• Deakin University reveals breach of 47,000 students’ details | Subset targeted with smish sent via officially-used SMS channel.
• Data on Almost 47,000 Students Exposed in Deakin Uni Breach
• Hackers target Deakin Uni

AMD – July 2022

• AMD is investigating a serious potential data breach | An attacker claims to have stolen 450Gb of sensitive data
• AMD Is Investigating a Potential Data Breach Allegedly Caused by Weak Passwords

OpenSea – July 2022

• OpenSea customers warned to stay on high alert for phishing attacks | OpenSea email database exposed by third party
• NFT giant OpenSea reports major email data breach
• OpenSea users’ email addresses leaked in data breach

iCare – June 2022

• iCare data breach due to ‘human error’, agency says
• iCare launches systems review after 193,000 claimants affected by privacy breach
• iCare sends private details of 193,000 workers to wrong employers

Department of Home Affairs – May 2022

• Hundreds of classified Home Affairs documents believed sent to unsecured address in ‘serious’ breach of security protocols

NDIS – May 2022

• Sensitive NDIS health data breached in client platform hack
• NDIS case management system provider breached | Updated: “Large volume” of sensitive health data exposed.

Spirit Super – May 2022

• Spirit Super hit by data leak, 50,000 accounts exposed
• 50,000 super fund members impacted by data breach

APAC – May 2022

• APAC organisations fail to disclose ransomware breaches

Facebook – May 2022

• Facebook’s Zuckerberg sued for data breach
• Mark Zuckerberg, head of Facebook-owner Meta, is being sued in the US over the Cambridge Analytica scandal that compromised the personal data of millions

South Australian Government – May 2022

• More than 90,000 South Australian public servants now involved in payroll data breach

National Tertiary Education Union – May 2022

• NTEU becomes victim of data breach | NTEU servers were subject to a ransomware attack, a week out from University wide-strikes

Transport for NSW – May 2022

• TfNSW hit by another data breach
• TfNSW hit by second cyber attack in less than 18 months | Confirms authorised inspection scheme system data accessed
• Data breach a Transport for NSW fail

Coca-Cola – April 2022

• Coca-Cola investigating potential large-scale data breach | A new threat actor claims to have stolen gigabytes of data

Top Data Breaches and Cyber Attacks of 2022

• Cybercrime is big business, and it’s already rife in 2022 – we’ve highlighted ten top cases

Panasonic – April 2022

• Panasonic hit by another major cyberattack | Almost 3GB of data taken in attack on Panasonic

Block (ASX:SQ2) – April 2022

• Block (ASX:SQ2) share price jumps 6% despite reporting a data breach

Warrnambool Council – March 2022

• Data breach was ‘not serious’

OKTA – March 2022

• Okta says third-party breach may have impacted up to 366 customers – Hackers took control of contractor’s computer
• Lapsus$ hackers exploited Okta supplier’s security lapses – Allegedly found spreadsheet with login credentials.
• Okta investigates possible data breach – May relate to third-party customer support engineer targeted in January.
• Okta confirms hundreds of customers could be affected by data breach – January 2022 breach could have affected hundreds of Okta customers

Microsoft – March 2022

• Hackers Post Images Showing Possible Microsoft Breach – The same cybercriminal group that recently breached Nvidia briefly shares a screenshot that suggests the hackers also gained access to Bing’s source code.
• Microsoft Azure DevOps targeted by hackers
• ‘Single account’ compromise led to Microsoft’s Lapsus$ code leak – Attackers were interrupted mid-operation

Ubisoft – March 2022

• Ubisoft says ‘cyber security incident’ last week shows no evidence of data breach – Ubisoft’s IT team is working with external experts to investigate the incident, which took place last week.
• Ubisoft fans need to change their passwords now – Ubisoft player data should still be safe

Nvidia – March 2022

• Over 71,000 Nvidia accounts have personal data leaked following hack
• Nvidia says employee, company information leaked online after cyber attack
• Nvidia hackers claim they also hit Vodafone, threaten data leak

Samsung – March 2022

• Samsung confirms data breach after hackers leak internal source code
• Hacking group allegedly leaks 190GB of data from Samsung
• Nvidia hackers hit Samsung and leak huge data dump
• Samsung hit by major data breach — Galaxy device source code stolen
• Samsung Galaxy source code targeted by Lapsus$
• Samsung confirms hack: is your TV or smartphone at risk?

Australian Data Breaches Report

• Australian data breach statistics revealed in OAIC report

Toyota Motor – March 2022

• Toyota suspends domestic factory operations after suspected cyber attack | 13,000 vehicles held up after supplier hacked

OAIC Report – February 2022

• Australian gov data breach numbers slip out of public view
• Latest notifiable data breaches report

NSW Government – February 2022

• Sensitive addresses among more than 500,000 leaked from NSW Government database
• NSW nurses strike as data breach defended
• Sensitive business addresses among 500,000 published in COVID data breach

News Corp – February 2022

• News Corp reports cyber data breach
• News Corp reports cyber data breach
• Chinese hackers believed to be behind News Corp data breach

CFMMEUR – February 2022

• Union fined for data centre breach

Red Cross Australia – January 2022

• Locations and contact data on 515,000 vulnerable people stolen in Red Cross data breach
• Australian Red Cross clients potentially caught up in international cyber attack
• Red Cross cyberattack sees data of thousands at-risk people stolen
• Red Cross Cyber Attack Exposes Data of 515,000 Vulnerable People
• Australian Red Cross warns clients of potential security breach
• Aussie Red Cross flags potential cyber breach
• Australian Red Cross clients potentially caught up in international cyber attack
• Red Cross hackers exploited Zoho vulnerability to gain entry | Accessed case files of 515,000 vulnerable people held in encrypted database

TfNSW (Accellion) – January 2022

• TfNSW finds more customers, employees impacted by Accellion breach

FlexBooker – January 2022

• Scheduling Platform FlexBooker Discloses Data Breach Affecting 3.7 Million Accounts

Bunnings – January 2022

• Bunnings private customer data exposed in data breach
• Bunnings Customer Data Breached
• Bunnings Confirms Some Customer Data Is Caught up in FlexBooker Breach
• Bunnings stresses little risk to customers from FlexBooker data leak
• Bunnings’ drive and collect customer data caught up in FlexBooker security breach on Amazon cloud
• Bunnings shoppers’ personal information potentially exposed to data security breach
• Bunnings customers caught up in international data breach