Australian Data Breaches 2022


Australia has a long history of data breaches and cybersecurity incidents. One of the most notable breaches was the 2019 Canva data breach, which affected over 139 million users. Service NSW also suffered a major cyberattack in 2020 that compromised the information of 104,000 customers. 

While these breaches were certainly devastating, they pale in comparison to what could happen in the future. As more and more businesses move online and store sensitive data electronically, the risk of a major data breach grows. It’s therefore vital for companies to stay informed about data breaches, so they can avoid becoming just another statistic.

Here are the most recent data breaches in Q1 of 2022: 

1. Ever-evolving phishing scams

Phishing scams use emails to trick recipients into clicking on links that lead to data-stealing websites or downloading malware-laced attachments. According to the latest Scamwatch statistics, there have been over 12,350 phishing reports since the start of 2022. So far, Australians have lost a staggering $637,000 due to phishing. The scams were typically delivered through email, but phishing through phone calls and text messages is also on the rise. What’s worse is that phishers have developed a cunning trick where they use fake pop-up authentication windows to steal their target’s login credentials. These windows look identical to the login prompts of Facebook, Google, Microsoft, and Apple services, making the scam much more difficult to spot.

The best way for companies to avoid these scams is to use anti-phishing software and security training. The former filters out spam and fraudulent emails before they reach a user’s inbox. Meanwhile, training employees through phishing simulations will help them be more critical of emails, texts, phone calls, and websites.

2. Ransomware threats on the rise

Ransomware is a type of malware that holds its victims’ files hostage with encryption and demands payment for their release. Hackers behind a ransomware attack will often threaten to delete or leak their victim’s data if the ransom is not paid on time. Many businesses and government agencies have fallen victim to ransomware, causing massive-scale data breaches. In fact, in December 2021, the Australian Taxation Office suffered a ransomware attack that locked users out of their online accounts. Reports estimate that the attack compromised over 42,000 records containing names, tax file numbers, addresses, and bank details.

More recently, experts have been warning businesses that ransomware threats may surge due to the Russia-Ukraine conflict. Massive ransomware campaigns conducted by Russian-sponsored hacking groups can spread to Western countries, including Australia. Thus, to mitigate these risks, businesses need to update their anti-malware software, perform regular data backups, and practice good online safety habits.

3. FlexBooker denial-of-service (DoS) attack leads to massive breach

Online scheduling tool FlexBooker reported a DoS attack that disrupted their systems and compromised the personal data of 3.7 million users. The data stolen included email addresses, phone numbers, passwords, and partial credit card numbers. The FlexBooker breach also affected Bunnings, which relied on the online scheduling tool.  

Companies can defend themselves from these types of cyberattacks with high-level network security, including measures like next-generation firewalls, intrusion prevention systems, and proactive network monitoring. Businesses should also encrypt data at rest and in transit to prevent hackers from stealing sensitive information. 

4. Poor password habits create backdoors for cybercriminals 

In March 2022, hackers exploited weak passwords to attack Microsoft’s relational database management system with a remote access Trojan. Unfortunately, data breach incidents caused by poor password management are common. Of data breaches reported between July and December 2021, 48 were attributed to stolen credentials.

This is why businesses must enforce strong password policies. Employees should set longer 12-character passphrases rather than generic passwords. This makes it more difficult for hackers to guess their way into company accounts. Employees must never reuse passwords across different accounts, as a hacker who obtains one password may be able to trace and access the other accounts.

Password managers like LastPass or Dashlane can help employees create and store strong passwords. These tools generate random passwords and autofill login forms, making it harder for hackers to guess or phish passwords. 

5. Human error causes massive NSW data leak 

Accidental disclosure of information is another common source of data breaches. On 14 February, the NSW Government reported that they accidentally leaked 566,000 addresses collected through their QR code registration system. The addresses belonged to organisations that registered to comply with NSW COVID-Safe regulations. However, addresses of domestic violence shelters and defence sites were also leaked, which poses serious safety issues. 

Businesses can avoid similar incidents with strict data sharing protocols. Additionally, employees must not be allowed to share sensitive information with the public and other organisations unless authorised to do so. Data loss prevention tools can also help businesses by scanning networks for sensitive data and blocking attempts to share it with external parties. 
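The kind of content check a data loss prevention tool runs before text leaves the organisation, as an added example that is not part of the original article. It looks for two of the data types named above (tax file numbers and credit card numbers) and uses their checksums to cut false positives; the function names and the sample message are constructed for illustration, and the sample numbers are well-known test values, not real identifiers.

```python
import re

# A 9-digit Australian tax file number (TFN) passes when the weighted
# digit sum is divisible by 11.
TFN_WEIGHTS = (1, 4, 3, 7, 5, 8, 6, 9, 10)

# Candidate patterns: digit groups optionally separated by a space or hyphen.
TFN_RE = re.compile(r"(?<!\d)\d{3}[ -]?\d{3}[ -]?\d{3}(?!\d)")
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def tfn_valid(digits: str) -> bool:
    """Apply the TFN weighted checksum to a string of 9 digits."""
    return len(digits) == 9 and sum(
        int(d) * w for d, w in zip(digits, TFN_WEIGHTS)) % 11 == 0


def luhn_valid(digits: str) -> bool:
    """Apply the Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            n = n * 2 - 9 if n > 4 else n * 2
        total += n
    return total % 10 == 0


def scan(text: str) -> list[tuple[str, str]]:
    """Return (kind, masked value) for each checksum-valid identifier found."""
    findings = []
    for kind, pattern, check in (("card", CARD_RE, luhn_valid),
                                 ("tfn", TFN_RE, tfn_valid)):
        for match in pattern.finditer(text):
            digits = re.sub(r"\D", "", match.group())
            if check(digits):
                # Mask the value so the DLP log does not become a second copy.
                findings.append((kind, "*" * (len(digits) - 3) + digits[-3:]))
    return findings


def allow_outbound(text: str) -> bool:
    """Block the message if any sensitive identifier is present."""
    return not scan(text)


# Constructed sample: one test TFN, one test card number, and a 9-digit
# order reference that fails the TFN checksum and so is not flagged.
SAMPLE = ("Customer TFN is 123 456 782 and card 4111 1111 1111 1111. "
          "Order ref 987 654 321.")
```

A checksum only narrows the candidates: roughly one in eleven random 9-digit numbers still passes the TFN check, so a real deployment would pair this with context rules before blocking.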

If you need advanced security measures to mitigate the risk of data breaches, call Empower IT today. As a leading managed IT services provider, we offer highly effective cyber defences and support for Australian businesses.