Incident: MYOB in payslip privacy bungle | iTnews

Incident: MYOB in payslip privacy bungle | iTnews

Australian Information Security Incident Reported: July 04  2019

MYOB in payslip privacy bungle

Blamed on cloud system “glitch”.
Reported in: iTnews

“On 28 June we discovered a small number of people received incorrect payment summaries sent between 1 June and midday 28 June 2019,” the MYOB said in a statement.

“Our investigation has since revealed 220 individual payment summaries went to the incorrect person.”

The company said it had called in the ATO and the Office of the Australian Information Commissioner over the breach

Source: MYOB in payslip privacy bungle

Portal flaw leads to some NDIS users losing money | iTWire

Australian Information Security Incident Reported: September 11 2018


A vulnerability in the service portal for the National Disability Insurance Scheme has allowed a number of providers to obtain personally identifiable information of users and steal money.

The flaw allowed any user or registered provider to gain access to random support pages for users by guessing a nine-digit plan number. Companies could then bill these users and receive payment right away.

In a statement, the National Disability Insurance Agency, the organisation running the scheme, said its Fraud Taskforce had identified “a small number of providers who may be seeking to exploit the NDIS”.

Source: iTWire – Portal flaw leads to some NDIS users losing money

Australian BPO firm Onehalf leaves data exposed on GitHub | iTWire

Australian Information Security Incident Reported: August 30 2018

Australian business process outsourcing company Onehalf left medical information for hundreds of individuals and bank account numbers for several large Australian enterprises exposed in a set of unsecured public GitHub repositories, the security firm UpGuard says.

Source: Australian BPO firm Onehalf leaves data exposed on GitHub

CommBank sent 650 customer emails to wrong domain | iTWire

Australian Information Security Incident Reported: June 02 2018

About 10,000 customers of the Commonwealth Bank of Australia, the country’s biggest bank, may have had their personal information compromised due to emails being sent to the cba.com domain, instead of cba.com.au.

The bank said it had confirmed that none of this data had been used and that it was deleted from the cba.com email servers.

“From January 2017, we have been blocking internal emails addressed to the cba.com domain name.”

Source: CommBank sent 650 customer emails to wrong domain

St George Bank hit by email scam | iTWire

Australian Information Security Incident Reported: June 01 2018

A new email scam using St George Bank trademarks has been revealed, where scammers try and deceive victims into submitting their bank login details to a phishing site.

SK: Educate your customers, educate your customers, educate……
Oh, and two factor!!!!!!

Source: St George Bank hit by email scam

Roseanne’s face appears on BoM site, but hack denied | iTWire

Australian Information Security Incident Reported: June 01 2018

The face of disgraced American television star Roseanne Barr suddenly appeared in all its glory in the most unlikely of places on Thursday: as a radar image on the website of the Bureau of Meteorology.

But the bureau denied there had been any intrusion into its network. The screenshot was taken at 8.30am AEST on Thursday.

Source: Roseanne’s face appears on BoM site, but hack denied