Incident: Thieves steal laptops with 30 years of data from University of Western Australia | iTnews

Incident: Thieves steal laptops with 30 years of data from University of Western Australia | iTnews

Australian Information Security Incident Reported: July 28  2019

Thieves steal laptops with 30 years of data from University of Western Australia

Reported in: iTnews

Thieves broke into the University of Western Australia and stole an undisclosed number of laptops containing “fragmented” student data stretching back 30 years.

Vice-Chancellor Professor Dawn Freshwater said in an email to students that the laptops contained “fragmented data relating predominantly to people who applied to study at UWA between 1988 and January 2018” stored locally on the machines. “The bulk of this data relates to Australian citizens or residents and includes tax file numbers (TFN) and student identification numbers, and in these cases while some names and contact information are spread across the laptops, they are not directly linked to the TFNs or student IDs,” she said.

International students that applied to study at UWA “between September 2014 and December 2018” had a wider variety of information stored on the stolen machines, included personal details, passport numbers, and Visa status and numbers.
 

Source: Thieves steal laptops with 30 years of data from University of Western Australia
University Statement: Computer theft / Data-loss notification
Incident: NAB reveals 13,000-person data breach at 6PM Friday | iTnews

Incident: NAB reveals 13,000-person data breach at 6PM Friday | iTnews

Australian Information Security Incident Reported: July 26  2019

NAB reveals 13,000-person data breach at 6PM Friday

Dataset uploaded to the servers of two service providers. And not burying news, promise.
Reported in: iTnews

NAB disclosed a data breach late Friday after a dataset containing the personal details of approximately 13,000 customers was uploaded to the servers of “two data service companies”.

Chief data officer, Glenda Crisp, said the compromised data “included customer name, date of birth, contact details and in some cases, a government-issued identification number, such as a driver’s licence number.”

Crisp attributed the issue to “human error”.

 

Source: NAB reveals 13,000-person data breach at 6PM Friday
Company Statement: NAB apologises to customers for data breach (inc. Video)
NZ Incident: Google suspends NZ ‘trending’ emails after suspect’s name released | iTnews

NZ Incident: Google suspends NZ ‘trending’ emails after suspect’s name released | iTnews

Google has suspended an email alerting system in New Zealand following criticism by the government for publishing suppressed details of a murder case, the company said on Friday.

New Zealand Prime Minister Jacinda Ardern expressed disappointment about Google’s failure to abide by a court order suppressing the name of a man accused of killing 22-year-old British backpacker Grace Millane.

Source: Google suspends NZ ‘trending’ emails after suspect’s name released

Audit: Australia Post told to improve cyber security practices | iTnews

Audit: Australia Post told to improve cyber security practices | iTnews

Australian Information Security Audit Report July 4 2019

Auditor says risk aren’t being managed “effectively”.

Reported in: iTnews

One of the reasons for this result was that despite having a fit for purpose cyber security risk management framework, the government-owned corporation had “not met the requirements of its framework”. Specifically Australia Post has “not effectively managed cyber security risks”, having not undertaken a “detailed security risk management assessment” on the two systems for two years.

“Australia Post has not met the requirements for ICT controls in its framework, having not implemented all specified key controls, and as a result has rated the overall cyber risk as significantly above its defined tolerance level,” the Australian National Audit Office (ANAO) said.

Details are contained in the  ANAO audit of cyber resilience published on the 4 July 2019

Audit: CBA to ‘substantially’ overhaul privacy under OAIC undertaking | iTnews

Audit: CBA to ‘substantially’ overhaul privacy under OAIC undertaking | iTnews

Australian Information Security Audit Report June 27 2019

CBA has 90 days to submit plans.

Reported in: iTnews

The Office of the Australian Information Commissioner (OAIC) has accepted a court-enforceable undertaking from the Commonwealth Bank of Australia (CBA) in the wake of investigations into issues with the bank’s handling of customer data.

As part of the undertaking, CBA now has 90 days to develop and submit to the OAIC a work plan and timetable of work to meet address its privacy obligations, including a review of its policies, procedures and data retention standards, while also providing staff training to ensure compliance.

“CBA must also assess its IT services and systems to make sure it takes appropriate steps to control access to customers’ personal information,” the OAIC said.

Incident: Aussie fashion e-tailer Princess Polly suffers data breach | iTnews

Incident: Aussie fashion e-tailer Princess Polly suffers data breach | iTnews

Australian Information Security Incident Reported: June 1 2019

Australian online fashion e-tailer Princess Polly suffered a data breach which may have exposed customers’ personal and payment information to an “unidentified third party”.

The company warned customers in an advisory note to watch their credit or debit card statements closely and to report unusual activity to their bank.

Princess Polly said that the data breach had been uncovered “recently” and that it impacted customers that shopped on its A/NZ site between 1 November 2018 and 29 April 2019. The attackers may have been able to capture payment details as they were typed into the site

Source: Aussie fashion e-tailer Princess Polly suffers data breach