Security Breach Update
4 April 2019

Small BusinessEach year in Australia there are thousands of cyber breaches to businesses. While most of these breaches affect smaller businesses, occasionally there are “major” cyber breaches that impact large organisations and a huge number of people.

March alone produced 5 major company breaches.

These business include:

  • AusPost’s Bill Scanner made to integrate into Google, but looks like it has failed the privacy requirements.
  • ASUS Computers with a major supply chain attack with an infected software update utility.
  • The Bank of Queensland with a personal data breach by LandMark White that was breached in Feb 2019.
  • Kathmandu with the online store hacked.
  • Citrix where 6TB of data has been downloaded.

Recent Breaches

Australia – Facebook – American social media company.

Exploit: System vulnerability

Risk to Small Business: Severe: After news broke that the personal details of over 60,000 Australians were exposed in a cyber-attack against Facebook last year, it looks like the final number has almost doubled. The revelations were disclosed in a confidential correspondence between Facebook and Australia’s privacy watchdog, the OAIC. The company maintains that passwords and payment information was not at risk, but certainly stands to lose disenchanted users once they are notified.

Risk to Exploited Individuals: Severe: Although hackers were able to access only names, emails, and phone numbers for 47,912 Australians, a whopping 62,306 Facebook users had their hometowns, recent check-ins, birthdays, education, work history, Facebook search history, genders, relationship status, religions, and more exposed. Additionally, over 1,000 could have had their private conversations accessed through Messenger. As such, the extent of this breach is certainly alarming and all Aussies should do everything in their power to prevent identity fraud.

Customers Impacted: At least an additional 60,000+ users.

Australia – Bank of Queensland

Exploit: Personal data breach by LandMark White Limited (LMW)

Risk to Small Business: Moderate:  LandMark White was a focus of a breach back in mid-February 2019, who are one of the biggest valuation firms used by the banks.  At the time, CBA and other major banks suspended the services immediately. BoQ now have suspended their services.

The “full extent” of the breach is still being determined, the bank said in a statement, although “it is believed that only a small number of customers have been impacted”.

Risk to Exploited Individuals: Severe: Reportedly, the data that was breached and disclosed was related “solely to property valuation services” undertaken by LMW – including customer names, contact information (including phone numbers and email addresses) and other details related to property evaluations.

Customers Impacted:  To be determined.


Canada – Canadian Internet Registration Authority – Canada’s not-for-profit agency that manages domain registry

Exploit: Ransomware infection to third-party system.

Risk to Small Business: Severe: On March 26th, the CIRA’s parking garage suffered from a ransomware attack, allowing anyone to enter without a security check and park for free. The compromise persisted for two days, resulting in systems being locked with a ransom note displayed by the attackers. Since the parking garage company Precise Link did not have a backup of the files, restoring the systems will come at an incredibly high cost.

Risk to Exploited Individuals: Severe: It is unclear if the hackers gained access to employee data, but the risk for citizens should be little to none.

Customers Impacted:  To be determined

Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
04/04/2019

Follow us on LinkedIn:

Related Articles:
World Backup Day
Data never expires on the Dark Web

Written by