Below is a list of noteworthy data breaches that may impact Australian businesses.

Are Your Company’s Digital Credentials for Sale on the Dark Web?

Find Out with a Complimentary Dark Web Scan

Australia – Metrix Consulting

Exploit: Phishing scam
Metrix Consulting: Strategic insight consultancy

Risk to Small Business = Severe: A Metrix Consulting employee fell for a phishing scam that compromised the personal data for visitors of the Perth Mint. The data was provided by visitors who completed a survey that was stored on Metrix Consulting’s servers. This is the second data breach at Perth Mint in the past two years, and it could have significant implications for Matrix Consulting, as they may have a difficult time maintaining contracts if they can’t protect their customers’ data.

Individual Risk:= Severe: The personal data included visitors’ names, email addresses, home addresses, and telephone numbers. This information can be used in everything from identity fraud to spear phishing campaigns, so those impacted by the breach should carefully monitor their online accounts for suspicious activity. In addition, The Perth Mint is providing identity monitoring services to all victims and enrolling in this program can help provide long-term identity protection.

Customers Impacted: 1,480
How it Could Affect Your Customers’ Business: Companies that can’t or won’t protect their customers’ data face a serious competitive disadvantage in today’s breach-fatigued environment. As we often report here, many companies terminate contracts with businesses that fail to secure their information, making data security a bottom-line issue for any organization collecting and storing personal data.

Australia – Yarra Tram

Exploit: Accidental data exposure
Yarra Tram: Melbourne-based tram network

Risk to Small Business = Moderate: A Yarra Tram officer email to 91 commuters rejected their compensation requests, but the employee failed to conceal the email addresses, exposing them to the other recipients. Embarrassingly, in a follow-up email that attempted to recall the initial message, the sender once again failed to conceal recipient names. Victims took to social media, complaining about the error. Despite being entirely avoidable, this unforced error will result in a reputational black eye for the company, which will have to work with its customer base to restore trust after this incident.

Individual Risk = Moderate: Recipients’ email addresses were exposed in the message. While this information doesn’t pose a significant threat to data security, it could be used to send phishing emails, and users should carefully evaluate any unusual incoming messages.

Customers Impacted: 91
How it Could Affect Your Customers’ Business: Companies face cybersecurity threats from every direction, making internal, unforced errors especially egregious. Often, accidental data sharing is the result of a careless approach to data privacy. Therefore, every organization has an obligation to train their employees in the importance of data security and implement defensive best practices to reduce the risk of an embarrassing and costly data breach.

New Zealand – Generate

Exploit: Unauthorized database access
Generate: Voluntary, work-based savings initiative

Risk to Small Business = Severe: Hackers accessed and downloaded customers’ personal data in a holiday heist that wasn’t identified until January 27th. The data breach, which did not include investor funds, is a serious privacy violation for its users, and the company’s slow identification and delayed response will only make matters worse. Now, the company faces an uphill battle to restore customer trust, which will be crucial to maintaining a competitive edge in an already crowded marketplace.

Individual Risk = Severe: Customers’ personal data was compromised in the breach. This includes photographic ID images, tax document numbers, names, and addresses. This information puts victims at risk of identity theft or financial fraud, and victims should enroll in credit and identity monitoring services to protect their credentials’ long-term integrity. Moreover, Generate is asking all users to reset their account passwords.

Customers Impacted: 26,000
How it Could Affect Your Customers’ Business: Customers are growing weary of working with companies that can’t protect their personal data. Since they often have many options to choose from, a data security incident could be the differentiator that encourages customers to take their business elsewhere. In today’s digital landscape, data security is a bottom line issue that companies can’t take seriously enough.

Australia – Ashley Madison

Exploit: Unauthorized database access
Ashley Madison: Adult romance website

Risk to Small Business = Severe: Cybercriminals are redeploying data from Ashley Madison’s 2016 data breach to target Australian users with sextortion emails. These messages contain intimate and highly personal information gleaned from the breach, and cybercriminals are threatening to publicly release the information if victims don’t pay a Bitcoin ransom. The emails are highly personalized, and include sensitive personal details derived from the initial data breach. While it’s easy to write-off a data breach at an adult website, it reflects the IT environment experienced by any company that collects personal data, and the many ways that hackers exploit that information to make money.

Individual Risk = Severe: The personalized emails include users’ names, bank account numbers, phone numbers, addresses, and dates of birth. It also contains private content and communications conducted on the website.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Data breaches impact more than just a company’s bottom-line. They often have tangible consequences for each individual compromised in a breach, and even years after a breach, they can continually reappear, causing personal, psychological, and financial trouble for victims. It should encourage every company to take every step possible to protect personal data.

Australia – Manheim

Exploit: Ransomware

Manheim: Wholesale automotive retailer

Risk to Small Business = Severe:

A ransomware attack has disrupted Manheim’s computer systems and workflows. Although the company can operate in a limited capacity, the company will still incur high costs to decrypt their hardware and update their cybersecurity standards plus unrecoverable productivity losses. At the same time, ransomware attacks can cause significant reputational damage, ensuring that the company will grapple with the fallout for much longer than hackers hold their systems hostage.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks are not only becoming more costly, they are also becoming frighteningly familiar. Unfortunately, there are no good response methodologies once an attack happens. The best defense is for every company to take meaningful steps to prevent ransomware from worming its way into their systems. The cost of assessing your organization’s readiness and enacting preventative measures is a small price to pay in order to repel these potentially devastating attacks.

Australia – Natonic

Exploit: Malware attack

Natonic: Health and beauty product retailer

Risk to Small Business = Severe:

Security researchers have identified payment skimming malware on Natonic’s online store. The script appears to be related to MageCart, a prominent hacking group that steals customers’ personal and financial data by injecting malware into online stores. Although security researchers confirmed that the script is no longer active on Natonic’s webstore, the attack could have costly implications for the retailer – consumers may be less likely to shop with an online retailer with a history of data security issues.

Individual Risk = Severe:

Payment skimming malware tricks customers into entering their payment information at checkout then sends that information to the cybercriminals instead of the retailer. While it’s unclear what information was compromised in this breach, shoppers should assume that any information entered on the webstore could be impacted. Users should notify their financial institutions of the breach while taking additional steps to secure their accounts and personal details.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Customers are aware that online transactions can be risky. They count on the companies that they do business with to help keep their personal and financial data secure. For companies that rely on online sales to drive revenue, data security has to be a top priority. The fallout from customer dissatisfaction caused by a data breach can badly damage a company’s reputation and significantly harm their ability to compete in today’s digital environment.

Are Your Company’s Digital Credentials for Sale on the Dark Web?

Find Out with a Complimentary Dark Web Scan



%d bloggers like this: