4 Australian Cyber Security and Data Breach Case Studies
Here are the details of four recent cyber security and data breaches in Australia:
Meriton was involved in a supply chain attack in March 2023. It is still under investigation, but it was classified as a Personally Identifiable Information (PII) and Protected Health Information (PHI) data breach.
It was caused by data shared with their suppliers and other parties. The data breach affected guests and past and present employees of Meriton Suites. It involved 35.6 GB of data containing a significant amount of sensitive information, including birth certificates, bank details, salary records, tax file numbers and health information.
The breach was reported to the Australian Cyber Security Centre and the Office of the Australian Information Commissioner. Meriton has personally contacted all people affected.
The Good Guys suffered a supply chain attack on their loyalty program. The breach occurred in 2021 but was only discovered in August 2023. It is still under investigation. It's a PII breach.
It was caused by access to the third party via their loyalty program. Some customers' passwords were stolen, and some had their dates of birth stolen. This affected approximately 1.5 million members.
As a result, the Concierge member benefits program has been closed. The Good Guys no longer uses My Rewards (formerly known as Pegasus Group).
Latitude Financial Services was involved in an identity theft and ransom attempt. It is still under investigation. It's another PII breach with stolen credentials.
Internal systems were breached, which allowed a bad actor to steal an employee's login. The data was not encrypted. Latitude received a ransom demand, which was refused.
14 million customer records were stolen. This data breach included sensitive information such as driver's licence numbers, passport numbers, addresses, phone numbers and dates of birth.
The company lost up to $105 million. A class action has been launched. Latitude will reimburse customers for the replacement cost of their stolen ID documents.
Crown Resorts was affected by the exploitation of a zero-day vulnerability. This was caused by a delay in implementing a security patch. Documents were accessed via a breach of GoAnywhere, a third-party file transfer service.
It is alleged that the ransomware gang Clop is behind the attack.
The breach occurred in March 2023. It was caused by a delay in implementing a security patch. This led to a data breach of employee salary information and casino machine reports.
The vulnerability has now been patched, but the investigation is ongoing.
Unfortunately, we cannot prevent cyber security attacks and data breaches from happening, but we can implement best practices in security and minimise the damage when they occur.
Recommendations to organisations:
Recommendations to individuals:
The business is responsible for keeping your data secure. Be proactive about cyber-attacks on your company. Remember the motto: If you see something, do something.
Brisbane-based technology reviewer and writer, Emma Crameri is a regular contributor for Women Love Tech and the lifestyle site TheCarousel.com - where she reviews products. Passionate about all things tech, she has worked on ICT projects, online education and digital marketing. An early adopter, with both Android and Apple devices, Emma is also the Editor of the Brisbanista website.