Category: Cyber Security

Woolworths says 2.2 million MyDeal customers’ details exposed in data breach


Millions of customers’ details have been exposed in a major data breach at an online shopping site owned by the retail giant Woolworths.

In September Woolworths took an 80% stake in MyDeal, an Australian online shopping site, in a takeover worth more than $200m.

MyDeal was in the process of contacting an estimated 2.2 million customers whose details have been exposed, the Woolworths Group said in a statement.

The details exposed included customer names, email addresses, phone numbers, delivery addresses and birthdays, with 1.2 million of the customers having only their email addresses exposed.

MyDeal said that no sensitive information had been accessed in the breach, such as payment information, driver’s licence, passport details, and passwords.

Woolworths also said MyDeal’s systems operate on a different platform to the broader group, meaning no Woolworths customer details had been exposed.

In light of the recent string of cyber attacks on major Australian organisations, the government has vowed to review current privacy laws with talk of tighter protections being introduced by the end of the year.

If you don’t have a clear direction on your cyber security position or strategy moving forward, you owe it to your customers, employees, board and yourself to take action now.




    Medibank Private hit by cyberattack

    Australian health insurer Medibank Private has been forced to take some of its customer-facing systems offline after being hit by a cyberattack (source: “Health insurer Medibank Private hit by cyber attack”, ABC News). Medibank’s ahm and international student policy management systems are currently offline.

    Medibank is still seeking to confirm that no sensitive information from its 3.7 million members has been disclosed in the attack. It says it has not yet found any customer data that has been compromised, and told the ASX in a formal statement that “there is no evidence that any sensitive data, including customer data, has been accessed”.

    Chief executive David Koczkar said Medibank recognised its responsibility, given the sensitive data it holds about people’s health.

    Medibank requested its shares be halted from trading while it continues investigations into the cyber attack.

    The attack follows a recent breach at telecommunications company Optus, where as many as 9.8 million customers’ personal information could have been exposed to hackers (see “Optus Hacked: Customers warned to check in with their banks after personal data exposed”, Acurus).

    These high-profile incidents will drive change in the legal obligations of Australian companies to protect themselves and their customers from the impact of cyber security events.

    If you don’t have a clear direction on what your cyber security position is and your strategy moving forward, you owe it to your customers, employees, board and yourself to take action now.




      How the Russia-Ukraine war makes ransomware payments harder


      Before the start of the Russia-Ukraine war, nearly 75 per cent of cryptocurrency payouts for ransomware went to Russia, according to a study conducted by Chainalysis.

      As Russia is now a sanctioned country, the legal ramifications of paying ransoms mean that victims seeking response and negotiation services are being turned down.

      Russian sanctions are wide and ambiguous, making them difficult to abide by, says Kurtis Minder, CEO of digital risk protection firm GroupSense, who has negotiated hundreds of ransomware payouts over the past two years.

      Sanctions aim to combat ransomware by disrupting ransomware gangs, bolstering resilience, making laundering through cryptocurrency more difficult, and addressing safe harbors like those in Russia. 

      Below are some points to be aware of when considering ransomware in the current Russia-Ukraine war climate.

      Politics have tightened sanctions on ransomware payments

      Since Russia launched its war against Ukraine, paying ransoms to Russian entities has become a political hot button, with some officials considering ransomware payouts a threat to national security.

      While no businesses have yet been charged for paying ransoms under these sanctions, those that violate them can be slapped with civil and criminal penalties even if the victim doesn’t know they’re in violation.

      Some sanctions lists are out of date

      An example is REvil, which supposedly shuttered operations in January. Now REvil seems to have reemerged under a Russian dark web marketplace called RuTOR. Another example is Conti, which has changed names and diversified into multiple spinoffs since its operators threatened to defend Russia with counterattacks.

      Paying a ransom through any of these entities would be in violation of sanctions, so it is important to keep up to date with cyber security news. Subscribe to the Acurus State of Cyber Security Newsletter to stay informed of current industry updates.

      Be ready before a ransomware attack

      Victims and law enforcement need to work together and share intelligence. Relationships with authorities will reduce liability in case the victim unknowingly pays ransom to or through sanctioned entities and affiliates. If, under the weight of a ransomware attack, the victim organisation has reached out to authorities, it demonstrates cooperation with law enforcement and may

      Take care when preserving evidence that is highly volatile in nature or limited in retention to prevent loss or tampering (such as in system memory, Windows security logs, or data in firewall log buffers). Also check if the bureau has a decryption key, which may be available for a specific ransomware strain.

      Focus on ransomware prevention

      With legal liability tied to paying ransoms to Russian and other sanctioned entities, prevention becomes even more critical for enterprise CISOs. Start by mastering the basics, addressing over-permissive/shared admin rights, lack of application whitelisting, and lack of visibility into systems and networks.

      To learn more about how the ransomware landscape is being affected by Russian sanctions, contact one of our IT experts today.




        Mandatory Cyber Security Incident Reporting Now in Force


        New legislation now makes reporting of information security events mandatory for several industry sectors.

        Under the Security of Critical Infrastructure Act 2018, included industries must report cyber security incidents with ‘significant’ impact within 12 hours of discovery.

        The nominated industry sectors include telecommunications, internet service providers, fuel companies, data storage and processing organisations, freight forwarders, banking, insurance and finance, along with food and groceries.

        According to the government, reports to ACSC must be accompanied by written notifications within 84 hours.

        Significant impact is defined as an incident that has materially disrupted the availability of essential goods and services.

        Incidents that affect the integrity, reliability or confidentiality of assets covered by the Act, or the systems they use, are deemed to have ‘relevant’ impact, and must be reported to the ACSC within 72 hours.

        Organisations have a three-month grace period from 8 April, meaning that while mandatory reporting is now law, it won’t take effect in practice until July.

        If you need help defining the severity of cyber security incidents, or wish to bolster your cyber security position, contact us below for a free GAP assessment.




          A Lack of Employee Cyber Hygiene is the Next Big Threat


          A new report has identified employee cyber risk as a multifaceted issue currently revolving around cyber hygiene within an organisation.

          Data in Mobile Mentor’s inaugural Endpoint Ecosystem Report suggests that everything from endpoints, passwords, training, security policies, to a lack of awareness are all contributing to a much higher risk of cyberattack.

          Despite most phishing attacks focusing on credentials, statistics show that employees still have to improve their password hygiene:

          • Gen-Z employees have more than 20 work passwords and type more than 16 passwords daily
          • 69% of employees admit to choosing passwords that are easy to remember
          • 29% of employees write their passwords down in a journal
          • 24% store passwords in a Notes app on their phone

          64% of employees use a personal device for work, with access to corporate systems, data, and apps. Organisations must enable secure bring-your-own-device systems and provide proper training about cyberattacks, vigilance, and good hygiene within their company.

          However, according to the report only 25% of in-office workers receive security training monthly.

          Organisations need to focus on continual Security Awareness Training and see every aspect of the employee’s interaction with corporate resources, applications, and data as a possible target. Strengthening employees’ own awareness begins to elevate a state of vigilance to ensure better cyber hygiene and a more secure organisation.

          If you have questions on how to strengthen your passwords, or would like to take the steps to increase your organisation’s cyber hygiene, contact us today.




            Okta breach leads to questions on disclosure, and our reliance on third party vendors

            Okta breach leads to questions on disclosure, reliance on third-party vendors – CyberScoop

            In another supply chain attack, the Lapsus$ hacker group has targeted Microsoft and Okta in recent breaches confirmed by both technology organizations.

            Okta is a prominent identity and access management company based in San Francisco. It provides cloud software that helps companies manage and secure user authentication into applications, and for developers to build identity controls into applications, websites, web services and devices.

            Criticism of Okta intensified Thursday in the wake of the company’s announcement that customer accounts were potentially compromised in a security breach via an attack on a third-party contractor’s laptop.

            Security experts called the attack a significant event in the history of cybercrime; questioned what can be done to strengthen screening of third-party contractors and prepare for more malicious insiders; and criticized Okta for failing to disclose the breach to customers or the public for more than two months.

            Dan Tentler, co-founder of cybersecurity company Phobos Group, called the Okta hack potentially “SolarWinds 2.0,” referring to the 2020 breach of a major U.S. information technology firm whose clients were ultimately affected as the attack cascaded.

            The attack continues to highlight how exposed all of us increasingly are to third-party supply chain risk.

            If you need strategic advice on how to review and actively manage your third-party supply chain risk, contact us today for a free cyber security gap assessment.
