Incident: Sydney headquartered MEGT data breach exposed students passport details, education data | Computerworld

Incident: Sydney headquartered MEGT data breach exposed students passport details, education data | Computerworld

Australian Information Security Incident Reported: June 27 2019

Sydney headquartered MEGT data breach exposed students passport details, education data

Education provider hit by sizeable data breach
Reported in: Computer World Australia

Sydney-headquartered MEGT provides recruitment, group training and payroll services. The breach is believed to have related to its international student education arm.

An open Amazon Web Services S3 bucket exposed sensitive data about international students, including passport scans, visa details, and education agreements.

The collection of tens of thousands of documents appeared to include invoices, placement documents, and copies of emails received by MEGT.

.Source: Data breach exposed students passport details, education data

Audit: NSW unis facing significant cyber risks | Technology Decisions

Audit: NSW unis facing significant cyber risks | Technology Decisions

Australian Information Security Audit Report June 12 2019

NSW unis facing significant cyber risks

Reported in: Technology Decisions

Universities across NSW are exposed to cyber attacks due to significant deficiencies in IT internal controls, an audit has found.

An audit of 10 universities conducted by the state’s Auditor General also found that three universities are still developing a strategy to safeguard against cybersecurity risks, and two have yet to establish a recovery plan following a cyber attack.

According to the report, 51 of the 99 internal control deficiencies identified in the audit are related to IT, and these deficiencies can represent significant vulnerabilities for the universities.

No university had implemented all of the Australian Cyber Security Centre’s Essential Eight threat mitigation strategies. Most universities have adopted measures including regularly patching operating systems (10 universities), restricting and reviewing administrative privileges (nine), checking and applying security patches (eight) and conducting daily backups (seven), and disabling or restricting Office macro settings (six).

Incident: Australian tech unicorn Canva suffers security breach | ZDNet

Incident: Australian tech unicorn Canva suffers security breach | ZDNet

Australian Information Security Incident Reported: May 24 2019

Hacker claims to have stolen the data of 139 million Canva users.

Canva, a Sydney-based startup that’s behind the eponymous graphic design service, was hacked earlier today, ZDNet has learned.

Data for roughly 139 million users has been taken during the breach, according to the hacker, who tipped off ZDNet.

Stolen data included details such as customer usernames, real names, email addresses, and city & country information, where available.

Source: Australian tech unicorn Canva suffers security breach | ZDNet

Incident: Govt IT contractor charged over cryptocurrency mining – Security | iTnews

Incident: Govt IT contractor charged over cryptocurrency mining – Security | iTnews

Australian Information Security Incident Reported: May 21 2019

A Sydney man has been charged by the Australian Federal Police for allegedly modifying the computer systems of a federal government agency to mine cryptocurrency while employed as an IT contractor

More than $9000 allegedly mined on agency IT systems.

Source: Govt IT contractor charged over cryptocurrency mining – Security – iTnews

Incident: Sydney man charged over Netflix, Spotify credential-stuffing, stolen accounts | iTnews

Incident: Sydney man charged over Netflix, Spotify credential-stuffing, stolen accounts | iTnews

Australian Information Security Incident Reported: March 13 2019

A Sydney man has been charged by the Australian Federal Police for allegedly selling stolen subscription credentials for online streaming services including Netflix and Spotify.

The 21-year-old was arrested during a raid of a Dee Why property in Sydney’s northern beaches yesterday that also seized cryptocurrencies and electronic materials.

Source: Sydney man charged over Netflix, Spotify credential-stuffing, stolen accounts

Incident: Chinese national charged with downloading AMP customers’ personal documents | ABC News Australia

Incident: Chinese national charged with downloading AMP customers’ personal documents | ABC News Australia

Australian Information Security Incident Reported: February 07 2019

A former AMP contractor has pleaded guilty over illegally accessing personal details of customers in Sydney, including drivers’ licences and passports.

Chinese national Yi Zheng faced court accused of downloading documents belonging to 23 AMP customers and sending them to his personal email account.

Source: Chinese national charged with downloading AMP customers’ personal documents