Top Three (3) Notable Cyber Incidents in Recent Australian History

By New Era Technology - 19 Feb, 2024

Moving into 2024, Australia faces new threats, including cyber incidents involving major corporations and government entities, highlighting the ongoing need to assess your cyber security posture and implement security measures.

In the dynamic realm of cyber security, we have witnessed unprecedented challenges and relentless digital threats. As technology advanced, so did the tactics of malicious actors, orchestrating cyber attacks that sent shockwaves through the digital infrastructure.

In this blog, we explore the impact of major data breaches in recent history and delve into the evolving challenges of data security to provide a better understanding of the implications of cyber attacks today.

In 2023, Australia was confronted with a series of cybersecurity challenges, notably triggered by the Optus data breach and the Medibank hacking incidents. These events marked the beginning of a year characterised by an alarming increase in security breaches, surpassing previous records.

Summarised below are the key details and impacts on organisations and their constituents affected by notable cybercrimes that haunted Australia in the past three years.

1. LATITUDE

WHEN? March 2023

HOW SEVERE?

  • Latitude faced a data breach affecting over 14 million individuals from Australia and New Zealand.
  • Initially disclosed for 328,000 customers, the number increased to 14 million during further investigation.
  • The breach ranks among Australia’s largest, following recent attacks on Optus and Medibank.

WHAT HAPPENED?

  • Latitude, an Australian financial service provider, detected unusual activity, which prompted their announcement of a sophisticated cyber attack, originating from a major vendor used by the company. 
  • The attacker gained Latitude employee login credentials, which were then used to pilfer personal information from other service providers. 

WHICH DATA AND/OR INFORMATION WERE LEAKED?

  • 7.9 million driver’s license numbers and 53,000 passport numbers were compromised.

  • Fewer than 100 customers had their monthly financial statements stolen.

  • An additional 6.1 million records dating back to “at least 2005” were also taken, with 94% provided before 2013.

WHAT IS THE CURRENT STATUS?

  • CEO Ahmed Fahour stated that impacted platforms are being rectified with enhanced security monitoring.

  • Unreserved apology extended to affected customers, along with reimbursement for those opting to replace stolen ID documents. The company communicates details of compromised information and outlines remediation plans to all current and past customers and applicants.

  • An ongoing investigation is examining Latitude’s role in the attack, its preventive capabilities, and the questions surrounding data retention beyond the mandated seven-year period.

  • The company faces scrutiny and a potential class-action lawsuit.

  • The government explores extending federal cyber agency intervention for private company cyber attacks.

2. MEDIBANK

WHEN? December 2022

HOW SEVERE?

  • Nearly 9.7 million customers were impacted by the Medibank data breach.

WHAT HAPPENED?

  • The attack was attributed to the REvil ransomware gang, a prominent group from Russia.
  • Initial discovery of the privacy breach occurred when REvil posted a folder containing 6GB of raw data samples on a dark web blog.
  • The ransomware group demanded a $10 million ransom, suggesting they possessed additional data for release.

WHICH DATA AND/OR INFORMATION WERE LEAKED?

  • The data leaked from the breach encompassed names, birthdates, passport numbers, medical claims data, and medical records.

WHAT IS THE CURRENT STATUS?

  • Medibank refused to pay the ransom demand despite experiencing one of Australia’s largest data breaches.

  • No reported cases of identity or financial fraud have emerged, even though the leaked data is believed to be fully accessible on the dark web.

  • Medibank advised customers to stay vigilant against credit checks and phishing scams and invested significantly in enhancing cybersecurity measures.

  • The Office of the Australian Information Commissioner (OAIC) is investigating Medibank’s data handling practices, potentially resulting in a $50 million fine for inadequate security measures.

  • Medibank may also face a class-action lawsuit.

3. OPTUS

WHEN? September 2022

HOW SEVERE?

  • Personal data compromised, affecting up to 9.8 million customers (nearly 40% of the population).

WHAT HAPPENED?

  • Optus, Australia’s second-largest telecommunications company, suspected that state-affiliated cyber attackers had infiltrated its internal network. If confirmed as state-affiliated, the breach likely resulted from a ransomware attack, a method favoured by well-financed hacker groups for its high success rates and lucrative returns.

  • Speculation suggests that the criminal group accessed the system via an unauthorised API endpoint that did not require a username/password or any other authentication method to connect.

  • Hackers leaked data online and demanded a ransom, then retracted the demand under law enforcement pressure, apologising and claiming the data had been deleted.

WHICH DATA AND/OR INFORMATION WERE LEAKED?

  • Cyberattackers gained access to customer data, including names, dates of birth, addresses, phone numbers, passport information, driver’s license numbers, government ID numbers, medical records, and Medicare card ID numbers.

  • Optus CEO Kelly Bayer disclosed that the breached database may contain records dating back to 2017.

WHAT IS THE CURRENT STATUS?

  • Major policy criticisms emerged regarding the efficacy of Australian cybersecurity following the attack. 

  • In April 2023, Optus faced a class-action lawsuit involving 1.2 million customers. 

  • Australian Cyber Security Minister Clare O’Neil acknowledged that the nation lags a decade behind other developed countries in cybersecurity and data privacy.

  • Investigations are ongoing, and Optus has not confirmed receipt of a ransomware note from the cybercriminals.

Nearly half (47%) of Australians said they would close their account or stop using a product or service provided by an organisation that experienced a data breach.

However, most Australians are willing to remain with a breached organisation provided the organisation promptly takes action, such as quickly putting steps in place to prevent customers experiencing further harm from the breach and making improvements to their security practices.

Only 12% of Australians said there is nothing an organisation could do that would influence them to stay after a data breach.

(Source: https://www.oaic.gov.au/acaps)

The Australian government is updating cyber security policies to counteract threats, but business organisations must not solely rely on these initiatives. The Australian Signals Directorate (ASD) notes that proposed security frameworks raise the security baseline, emphasising the need for businesses to implement additional controls to prevent data breaches. 

If you believe you or your organisation has fallen victim to a cyber attack, report it at www.cyber.gov.au or contact the Australian Cyber Security Centre at 1300 CYBER1 for 24/7 support and guidance. Additionally, use the ReportCyber portal to report cybercrime to the police.

Experience the ‘new era’ standard of protection for your digital assets. 

New Era Technology stands as your dedicated partner, offering tailored and comprehensive cyber security solutions to safeguard your business, ensuring that your organisation is resilient in the face of ever-evolving cyber threats.  

Information for this blog post was sourced from Webber Insurance, UpGuard, ABC News, 7NEWS, Forbes, Cyber Daily, Trend Micro, AUCloud, and OAIC.

Author: New Era Technology