In a troubling start to the year, several prominent Australian companies have fallen victim to a series of cyber attacks, resulting in widespread data breaches. The incidents have exposed sensitive information and raised concerns about the state of cybersecurity in the country.
Quantum Radiology – Hacked Radiologist Downplays Incident
Quantum Radiology, a Sydney-based radiology center, experienced a cyber attack in January 2024. In an unusual move, the hacked radiologist instructed staff to inform customers that the breach was merely a technical fault. This incident highlights the challenges organisations face in addressing and mitigating the impact of data breaches.
Nissan Australia – Cyber Incident Under Investigation
Nissan Australia reported an ongoing cyber incident. The company is actively managing the situation and providing updates on its incident response. The extent and nature of the breach are yet to be fully disclosed.
Hal Leonard Australia – Ransomware Attack Strikes Music Giant
Hal Leonard Australia, a major print music distributor, fell victim to a Qilin ransomware attack. The company is currently grappling with the aftermath of the breach, and the incident underscores the evolving tactics employed by cybercriminals targeting businesses of all sizes.
Binge, Dan Murphy’s, Guzman y Gomez – Coordinated Attack on Popular Brands
In a coordinated assault on popular brands, hackers targeted Binge, Dan Murphy’s, and Guzman y Gomez. Customers of these services were affected in a credential stuffing campaign, raising concerns about the vulnerability of user accounts and personal information.
Labor – Government Data Breach Exposes Millions of Files
The Australian Labor Party suffered a major government data breach, resulting in the theft of millions of files from key departments. This incident raises questions about the security measures in place to protect sensitive government information and the potential implications for national security.
The Iconic and Inspiring Vacations – Retail and Travel Industries Hit
The Iconic, a prominent online fashion retailer, faced hacking claims, with criminals utilizing ‘credential stuffing’ to gain unauthorised access to customer accounts.
The company has promised refunds to affected customers. Simultaneously, Australian travel agency Inspiring Vacations exposed customer data due to a publicly accessible database.
It recently wrote in a statement, “Inspiring Vacations would like to clarify that the number of individuals at risk of data misuse is significantly smaller than suggested in a number of recent media reports.”
The company has now completed a detailed investigation and notified reporting sources appropriately. The number of people notified is considerably less than 112-thousand people.
The databases and folders were secured as soon as the company was notified of the incident. Inspiring Vacations can confirm that there has been no further access to its systems.
Court Services Australia – Qilin Ransomware Gang Allegedly Targets Victorian Courts
Victoria’s court systems allegedly fell victim to a cyber attack orchestrated by the Qilin ransomware gang, with reports suggesting the involvement of Russia-based hackers. The incident raises concerns about the potential compromise of sensitive legal information.
Yakult Australia and Eagers Automotive – Further Targets of Cyber Attacks
Yakult Australia confirmed a cyber incident and is investigating the extent of system and data access by threat actors. Meanwhile, Eagers Automotive, an Australian vehicle dealership giant, experienced a cyber attack that led to a halt in trading and a systems outage.
How many data breaches in Australia in 2023?
Notifications received January to June 2023 – All sectors
Reporting period | Number of notifications |
---|---|
July to December 2022 | 486 |
January to June 2023 | 409 |
Total | 895 |
Key findings for the January to June 2023 reporting period:
- 409 breaches were notified compared with 486 in July to December 2022 – a 16% decrease.
- Malicious or criminal attacks remained the leading cause (70%) of data breaches.
- Human error breaches were the fastest to be identified with 81% identified in 30 days or fewer. Only 57% of system faults were identified in the same timeframe.
- The health and finance sectors remained the top reporters of data breaches. Health reported 63 breaches (15% of all notifications) and finance 54 breaches (13% of all notifications).
- The majority of breaches (63%) affected 100 or fewer people.
What Was Australia’s Biggest Data Breach?
The Latitude breach was one of Australia’s largest breaches in recent history following the Optus and Medibank breaches of 2022. The breach was caused by a cyberattack, but the exact method of attack has not yet been disclosed.
A sophisticated cyber attack resulted in approximately 328,000 customer IDs being breached, with 103,000 (more than 97%) believed to have had their driver’s licence information compromised or stolen.
As Australian companies grapple with the fallout from these cyber attacks, the need for robust cybersecurity measures and increased vigilance in the face of evolving threats becomes more evident.
Authorities and businesses alike are urged to prioritise cybersecurity to safeguard sensitive data and protect the interests of individuals and organisations across the nation.