Telstra exposes details of 132,000 customers online
Telecom giant Telstra has announced that an internal error has exposed 132,000 customers’ details, including names, numbers and addresses. The company has blamed a "misalignment of databases" for the leak.
On December 9 the company, which has nearly 20 million Australian accounts, announced that the data of “some unlisted customers” had been exposed. CFO Michael Ackland underlined that “no cyber activity was involved”. The company is investigating the error, which occurred when information was shared with Directory Assistance services and the White Pages.
The news comes just months after Telstra announced that a breach at a third-party supplier had exposed the data of 30,000 current and former employees. Rival telco Optus suffered a massive breach in October, but while that incident was the result of a cyberattack, Telstra’s incidents appear to have resulted from internal errors. External threats can be deadly, but organisations must look to their own data management practices – unsecured personal information can give criminals the easiest of wins.
iiNet and Westnet business customers’ emails breached in TPG attack
News of another telecom breach also surfaced this month, with TPG revealing that up to 15,000 business users of iiNet and Westnet had been compromised. Access was gained via a Microsoft Hosted Exchange service.
Hosted Exchange provides a bundle of digital services, including email, to customers. The hackers seem to have been searching for cryptocurrency and financial information, although TPG has not said what information was compromised. “We have implemented measures to stop the unauthorised access, further security measures have been put in place, and we are in the process of contacting all affected customers on the Hosted Exchange service,” said a spokesperson.
Shares in the company dipped sharply after the announcement. The wave of recent breaches in Australia has seen organisations working closely with affected customers and the government announcing new plans including heavier fines for breaches, with further changes in cybersecurity strategy due in 2023.
Ransomware attack hits multiple New Zealand government agencies
A ransomware attack on third-party IT provider Mercury IT has affected several government departments, including the Ministry of Justice and Te Whatu Ora (Health New Zealand).
New Zealand’s Privacy Commissioner announced the attack on 6 December, having been first notified a week earlier. The announcement notes that the situation is “evolving” and that “urgent work is underway to understand the number of organisations affected, the nature of the information involved and the extent to which any information has been copied out of the system.”
The attack has disrupted multiple companies and agencies, with government bereavement, cardiac and post-mortem services all impacted. While health services in New Zealand are operating as normal, privately owned companies in sectors including physiotherapy and insurance have been disrupted. The serious impact of attacks on critical infrastructure and essential services makes them increasingly common targets for ransomware gangs and state-linked groups in particular.
Investment scammers arrested in $144 million bust
Police have arrested four people who are believed to have been part of a gang that used social engineering techniques to mount a $144 million series of FX and crypto scams.
Two of the individuals were arrested in Sydney, and two were arrested while seeking to flee Australia for Hong Kong. The Chinese nationals are alleged to have laundered money for a larger syndicate that managed large-scale financial scams. The criminals used platforms including dating, employment and messaging sites to encourage their victims to invest. The gang then manipulated data on legitimate investment sites to cover the theft.
Detective Sergeant Salam Zreika advised members of the public to exercise caution when investing money online. “It is essential people exercise the utmost caution if cold-approached online or on the phone by people trying to sell financial or investment services,” she said. “Criminals are ruthless and will stop at nothing to take your money.” Online scams are a growing threat, and everyone should be on their guard.
Australia leads the world in data breaches after wave of attacks
After a series of major breaches, Australia now has the highest data breach density in the world, according to VPN provider Surfshark – breaches have spiked by 489% this quarter.
Australia tops the chart of breach density, followed by Russia and Turkey, with New Zealand’s breach figure 14 times lower than its neighbour’s. This period has seen 1.88 million Australian user profiles stolen, compared to 300,000 last quarter.
The news comes as Microsoft warns of vulnerabilities to critical infrastructure. The company’s Cyber Signals report claims that 75 percent of control technologies used by critical infrastructure companies are severely vulnerable to cyberattacks. “Nation-State and cybercriminal gangs have figured out that attacking these technologies, when not secured correctly, can in some cases be quite easy, with catastrophic consequences, for example stopping the flow of oil or electricity to an area or country,” said Microsoft Australia national security officer Mark Anderson. As threats swirl, more and more organisations are turning to holistic cloud-based solutions and zero trust to guard their assets.