It feels like you can’t look at the news these days without seeing a headline about another massive data breach on an Australian company.
So much of our lives – and so much official documentation – is demanded of us every day. Drivers’ licenses, banking details, passport numbers, medical information, the list goes on.
Refuse to give the government or businesses any of these highly confidential details and you can expect to be denied services, refused a rental property or charged more for medical care.
It would seem fair then, that if we’re required to provide so much identifying information to these organisations, that they keep that data safe and secure.
But a quick glance at the sheer number and variety of data breaches in just the first half of 2024 shows that isn’t happening, and in fact cybercriminals seem to be having a bumper year.
So far, there have been more than 60 breaches reported and potentially many more not picked up by the media.
There are some obvious targets, such as banks and hospitals, but there are also some truly weird targets you really wouldn’t expect. It goes to show how important data security is in all settings.
There have been so many data breaches this year that listing them all individually would be a boring read – but looking at the types of organisations targeted may help us figure out where the next honeypots may be.
Retailers
It’s perhaps no surprise that many retailers used by Aussies have been hit by data breaches – they would contain payment information and shopping habits after all – but it’s frightening the sheer variation in the types of businesses targeted.
So far this year, money has stolen from users of fashion website The Iconic and more than 50 million people worldwide, including Australians, had their details leaked online when car rental giant Europcar was hacked.
Your quiet Saturday night in wasn’t safe either, with streaming service Binge, alcohol retailer Dan Murphy’s and Mexican food outlet Guzman y Gomez all hit by hackers in the past six months.
Global brands
Even some of the world’s largest companies haven’t been safe this year. Japanese car manufacturer Nissan’s Australian subsidiary had to contact more than 100,000 customers after personal data taken from its servers and was again breached in April.
National airline Qantas was forced to apologise last month after problems with its app allowed customers to view the details of other passengers, including names and upcoming flights.
And in perhaps the weirdest data breach of all so far this year, Yakult Australia, makers of that strange, fermented milk drink popular in the 90s, have had 95 gigabytes of unspecified data leaked online. Perhaps it’s the recipe for what’s really in it?
Government institutions
Another favourite of cybercriminals are government websites and services, as they usually hold a treasure trove of information.
In January, hackers went straight to the top, attacking 62 government departments including Australia Post, the Departments of Prime Minister and Cabinet, Treasury, Foreign Affairs and Trade, Home Affairs, and the Australian Tax Office.
Also in January, a ransomware group managed to gain access to Victoria’s court transcription service and threatened to release court transcriptions online.
On a more local level, Central Coast Council in NSW detected an attack in February when hundreds of payments attempted to go through its systems at once. The council believes the criminals were testing random credit card numbers to see if any worked.
Telecommunications
After last year’s very high-profile Optus data breach, you’d think telcos would have beefed up their security in the interim. But it seems some haven’t learned the lesson.
More than 200,000 customers of budget telco Tangerine had their details leaked online in February including full name, date of birth, as well as their postal and email addresses. Tangerine said it had traced the incident back to just a single contractor login.
And proving the major players still aren’t totally infallible, Telstra had the details of around 3000 customers leaked through one of its internet subsidiaries Opticomm.
Health providers
Often a favourite target of hackers due to the sensitive nature of the information collected, health providers have been under attack in 2024.
In February, the Royal Australian College of General Practitioners had the phone numbers and addresses of doctors stolen in a phishing attack.
And just last month online script provider MediSecure did not live up to its name when it was subjected to a “large-scale ransomware attack” with criminals threatening to release prescription information of clients.
It really just goes to show there doesn’t seem to be a clear solution to this problem. Hackers and their techniques get more sophisticated by the day, and authorities seem to be powerless to stop them and keep our data safe?
Have you been affected by any of the data breaches so far in 2024? Are you aware of any other data breaches? Let us know in the comments section below.
