Harcourts Melbourne City real estate agency advises customers of data breach

Harcourts real estate have suffered a data breach, potentially exposing customers’ names, addresses and bank details.

According to an email sent to customers of Harcourts Melbourne City, the company’s rental property data base had been accessed on October 14.

Harcourts maintain they only became aware of the attack on October 24.

The real estate company is blaming its service provider Stafflink for the incident, who have denied the allegations and said Harcourts’ poor security protocols are responsible for the breach.

Harcourts said information such as names, addresses, copies of signatures, photo identification and bank details may have been visible to hackers though at this point it is not known how many people may have been impacted by the breach.

Do you know your Cyber Security capabilities, and your level of risk? Do you have a clear plan on how to improve your capabilities? Would you know what do to do if you had a cyber security incident? 

With over 20,000 new vulnerabilities released in a year, it can be difficult to keep track of all the new vulnerabilities that are discovered every day, and sometimes it feels like we’re fighting a losing battle.

Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

Request a free Essential 8 assessment to start your journey on protecting your company, employees and customers below.

Contact

No cyber insurance as Medibank breach hits four million customers

Medibank has confirmed their lack of cyber insurance will cost the company between $25 and $35 million, following a recent breach.

The health insurer announced on 26 October that cyber criminals gained access to personal data from all 3.9 million of Medibanks customers.

Cyber thieves now have access to sensitive information such as health-claims data, ahm and international students’ units as well as personal data.

Customers should expect to be contacted directly by Medibank to be notified what specific data has been taken from them.

The Australian Federal Police (AFP), Australian Cyber Security Centre (ACSC) and third-party IT experts are now working with Medibank to investigate the breach. 

Do you have a clear direction on your cyber security position and strategy? Contact us below to speak with our cyber security experts and start the journey to protect your company today.

Contact

Government proposes $50m data breach fines

The Australian government will introduce new legislation to increase data breach penalties, with fines of up to $50m being proposed.

Attorney-general Mark Dreyfus announced on 22 October that the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, is set to significantly increase fines in the event of serious or repeated privacy breaches.

Australian organisations could now face drastic fines for any future cyber security incidents that involve a breach of customer data.

This significant shift in Australian privacy legislation comes after multiple Australian companies were targeted in landmark data breaches, including Optus, MediBank, MyDeal and VinoMofo.

The current level of penalty for such incidents’ came under heavy criticism from multiple government figures with fines being capped at only $2.2 million.

As these penalties dramatically increase, organisations should be incentivised to invest in proper safeguards and cybersecurity, to avoid hefty fines and to keep their customers information secure.

Do you know your Cyber Security capabilities, and your level of risk? Do you have a clear plan on how to improve your capabilities? Would you know what do to do if you had a cyber security incident? 

With over 20,000 new vulnerabilities released in a year, it can be difficult to keep track of all the new vulnerabilities that are discovered every day, and sometimes it feels like we’re fighting a losing battle.

Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

Request a free Essential 8 assessment to start your journey on protecting your company, employees and customers below. 

Contact

Customers of Australian company Vinomofo are the latest victims of personal information exposure after the wine dealer suffered a major cyber-attack.

Personal information including names, dates of birth, addresses, email addresses, phone numbers and genders of customers are at risk of exposure.

It is not yet clear if all of Vinomofo’s 500,000 customers were exposed but all have been warned to remain on high alert of scam activity after the hack.

Vinomofo said the risk to its members was “low” because other sensitive information such as passports, credit card details and driver’s licences were not held by Vinomofo.

The incident occurred after an unauthorised third party unlawfully accessed the database from a testing platform that is not linked to Vinomofo’s live website.

This latest breach follows a chain of attacks on telecommunications company Optus, health insurer Medibank, and more recently online retail store MyDeal.

All Australian organisations should take these incidents’ as a stark reminder of the importance of a strong cybersecurity position and strategy.

Contact

Woolworths says 2.2 million MyDeal customers’ details exposed in data breach

Millions of customers’ details have been exposed in a major data breach at an online shopping site owned by the retail giant Woolworths.

In September Woolworths took an 80% stake in MyDeal, an Australian online shopping site, in a takeover worth more than $200m.

MyDeal was in the process of contacting an estimated 2.2 million customers who’s details have been exposed, the Woolworths Group said in a statement.

The details exposed included customer names, email addresses, phone numbers and delivery addresses and birthdays, with 1.2 million of the customers having only their email addresses exposed.

MyDeal said that no sensitive information had been accessed in the breach, such as payment information, driver’s licence, passport details, and passwords.

Woolworths also said MyDeal’s systems operate on a different platform to the broader group, meaning no Woolworths customer details had been exposed.

In light of the recent string of cyber attacks on major Australian organisations, the government has vowed to review current privacy laws with talk of tighter protections being introduced by the end of the year.

If you don’t have a clear direction on your cyber security position or strategy moving forward, you owe it to your customers, employees, board and yourself to take action now.

Contact

Australian health insurer Medibank Private has been forced to take some of its customer-facing systems offline after being hit by a cyberattack. Health insurer Medibank Private hit by cyber attack – ABC News Medibank’s ahm and international student policy management systems are currently offline.

Medibank is still seeking to confirm that no sensitive information from its 3.7 million members has been disclosed in the attack, stating it has not yet found any customer data that has been compromised including a formal statement to the ASX that “there is no evidence that any sensitive data, including customer data, has been accessed”.

Chief executive David Koczkar said Medibank recognised its responsibility, given the sensitive data it holds about people’s health.

Medibank requested its shares be halted from trading while it continues Investigations into the cyber attack.

The attack follows a recent breach at telecommunications company Optus, where as many as 9.8 million customers’ personal information could have been exposed to hackers: Optus Hacked: Customers warned to check in with their banks after personal data exposed – Acurus

These high profile incidents will drive change in the legal obligations of Australian companies in regards to their obligations around protecting themselves and their customers from the impact of cyber security related events.

If you don’t have a clear direction on what your cyber security position is and your strategy moving forward you owe it to your customers, employees, board and yourself to take action now.

Contact