CBA customers’ medical data exposed in potential privacy breach | ABC News (Australia)

Australian Information Security Incident Reported: December 03 2018


The Commonwealth Bank is urgently investigating a potential data breach that may have given its staff access to customers’ sensitive medical information.

Medical information supplied by an unknown number of customers to CommInsure was made available to other arms of the bank, including to staff who decide whether to approve or decline loan applications.

Source: CBA customers’ medical data exposed in potential privacy breach

Perth Mint customer data hacked | The West Australian

Australian Information Security Incident Reported: September 08 2018

THE Perth Mint has launched an investigation after a ‘data breach’ of customer information held by a third-party provider.

Chief executive of the Perth Mint, Richard Hayes, said the data breach involved 13 depository online customers

The Perth Mint is working with WA Police and the Australian Federal Police, as well as the Office of the Australian Information Commissioner.

“We are very disappointed this has occurred but can assure our customers that our systems remain secure and that there is no threat to their account holdings.”

Source: Perth Mint customer data hacked

Australian BPO firm Onehalf leaves data exposed on GitHub | iTWire

Australian Information Security Incident Reported: August 30 2018

Australian business process outsourcing company Onehalf left medical information for hundreds of individuals and bank account numbers for several large Australian enterprises exposed in a set of unsecured public GitHub repositories, the security firm UpGuard says.

Source: Australian BPO firm Onehalf leaves data exposed on GitHub

Telstra user stumbles across ‘private’ details of 66,000 users | 9 News

Australian Information Security Incident Reported: July 27 2018


Telstra customer stumbles across contact details of 66,000 fellow customers in a ‘private’ database

A 63-year-old layman, who admits he isn’t a “tech-savvy person”, has somehow been able to access a Telstra database containing the contact details of their customers.

Robert Irvine has told 9NEWS he had an issue with his email and thought he might be able to fix it by logging on to his Telstra account.

Once he signed in, he put in the search term “email” and it returned 66,500 results containing names, addresses, email addresses and phone numbers.

Source: Telstra user stumbles across ‘private’ details of 66,000 users

Government orders ‘urgent review’ of health app sharing users’ information with lawyers | ABC News

Australian Information Security Incident Reported: July 26 2018

An Australian medical booking app, which boasts more than 15 million users a year, is passing on patients’ information to personal injury lawyers.

The ABC has obtained secret documents from plaintiff law giant Slater and Gordon that reveal HealthEngine was passing on a daily list of prospective clients to the firm, based on their personal medical information, as part of a “referral partnership pilot” last year.

Source: Government orders ‘urgent review’ of health app sharing users’ information with lawyers

CommBank sent 650 customer emails to wrong domain | iTWire

Australian Information Security Incident Reported: June 02 2018

About 10,000 customers of the Commonwealth Bank of Australia, the country’s biggest bank, may have had their personal information compromised due to emails being sent to the cba.com domain, instead of cba.com.au.

The bank said it had confirmed that none of this data had been used and that it was deleted from the cba.com email servers.

“From January 2017, we have been blocking internal emails addressed to the cba.com domain name.”

Source: CommBank sent 650 customer emails to wrong domain