by Steven Kirby | Aug 8, 2019 | 9 News, Australia, Australian InfoSec Incidents 2019, Data Breach, Education and Training, Hacked, Phishing, Privacy Breach
TAFE NSW staff details stolen after computer systems allegedly hacked
Around 30 employees have not been paid on time after having personal information stolen in what TAFE NSW said was a “targeted phishing attack”.
Reported in: 9 News
Computer hackers have allegedly breached TAFE NSW’s payroll system and stolen bank details of at least two dozen staff, TAFE and a victim of the hack said.
“These credentials were used to access employee self service functions within the payroll system and alter bank details,” he told nine.com.au. “The attempt was discovered quickly and measures immediately put in place to stop fraudulent payments.
“TAFE NSW is working with Cyber Security NSW and the NSW Police Cyber Crime unit to identify the source of the breach and to ensure it doesn’t happen again.
Source: TAFE NSW staff details stolen after computer systems allegedly hacked
by Steven Kirby | Aug 7, 2019 | Australia, Australian InfoSec Incidents 2019, Data Handling, Medical and Health Care, Privacy Breach, SMH - The Sydney Morning Herald
Thousands of Australian medical histories exposed in data breach
Reported in: SMH
Tens of thousands of Australians have had their medical histories and other private information exposed in a large data breach of a company that enabled them to participate in paid clinical trials.
The database belonging to Neoclinical exposed approximately 37,000 people’s contact information and their responses to personal medical questions qualifying them for clinical trials, which included information about diagnoses, illicit drug use and treatments.
Source: Thousands of medical histories exposed in data breach
by Steven Kirby | Jul 28, 2019 | Australian InfoSec Incidents 2019, Data Breach, Education and Training, iTnews, Physical Security, Privacy Breach, Western Australia
Thieves steal laptops with 30 years of data from University of Western Australia
Reported in: iTnews
Thieves broke into the University of Western Australia and stole an undisclosed number of laptops containing “fragmented” student data stretching back 30 years.
Vice-Chancellor Professor Dawn Freshwater said in an email to students that the laptops contained “fragmented data relating predominantly to people who applied to study at UWA between 1988 and January 2018” stored locally on the machines. “The bulk of this data relates to Australian citizens or residents and includes tax file numbers (TFN) and student identification numbers, and in these cases while some names and contact information are spread across the laptops, they are not directly linked to the TFNs or student IDs,” she said.
International students that applied to study at UWA “between September 2014 and December 2018” had a wider variety of information stored on the stolen machines, included personal details, passport numbers, and Visa status and numbers.
by Steven Kirby | Jul 26, 2019 | Australia, Australian InfoSec Incidents 2019, Banking and Finance, Data Handling, iTnews, Privacy Breach
NAB reveals 13,000-person data breach at 6PM Friday
Dataset uploaded to the servers of two service providers. And not burying news, promise.
Reported in: iTnews
NAB disclosed a data breach late Friday after a dataset containing the personal details of approximately 13,000 customers was uploaded to the servers of “two data service companies”.
Chief data officer, Glenda Crisp, said the compromised data “included customer name, date of birth, contact details and in some cases, a government-issued identification number, such as a driver’s licence number.”
Crisp attributed the issue to “human error”.
by Steven Kirby | Jul 4, 2019 | Audit Report, Australia, Australian Audit Report 2019, Government Agency, iTnews
Australian Information Security Audit Report July 4 2019
Auditor says risk aren’t being managed “effectively”.
Reported in: iTnews
One of the reasons for this result was that despite having a fit for purpose cyber security risk management framework, the government-owned corporation had “not met the requirements of its framework”. Specifically Australia Post has “not effectively managed cyber security risks”, having not undertaken a “detailed security risk management assessment” on the two systems for two years.
“Australia Post has not met the requirements for ICT controls in its framework, having not implemented all specified key controls, and as a result has rated the overall cyber risk as significantly above its defined tolerance level,” the Australian National Audit Office (ANAO) said.
Details are contained in the ANAO audit of cyber resilience published on the 4 July 2019
by Steven Kirby | Jul 4, 2019 | Australia, Australian InfoSec Incidents 2019, Data Handling, Insider Threat, iTWire, Privacy Breach, Services, Unauthorised Access
MYOB in payslip privacy bungle
Blamed on cloud system “glitch”.
Reported in: iTnews
“On 28 June we discovered a small number of people received incorrect payment summaries sent between 1 June and midday 28 June 2019,” the MYOB said in a statement.
“Our investigation has since revealed 220 individual payment summaries went to the incorrect person.”
The company said it had called in the ATO and the Office of the Australian Information Commissioner over the breach
Source: MYOB in payslip privacy bungle
