HACKING – AUSTRALIA

iiNet customers’ details stolen in cyber breach

roymorgansocial Leave a comment

Original article by Jenny Wiggins
The Australian Financial Review – Page: 8 : 20-Aug-25

TPG Telecom has reported a hack of its systems that led to the email addresses and phone details of 280,000 iiNet customers being stolen to various bodies, including the Australian Signals Directorate and the Australian Cyber Security Centre. It has also apologised to iiNet customers for the breach, and has told them to be on the lookout for suspicious emails, texts and phone calls. It is understood that the breach of TPG’s systems took place on Sunday, with TPG having acquired the iiNet brand back in 2015.

CORPORATES
TPG TELECOM LIMITED – ASX TPG, IINET LIMITED, AUSTRALIAN SIGNALS DIRECTORATE, AUSTRALIAN CYBER SECURITY CENTRE

Qantas hack sparks scam high alert

roymorgansocial Leave a comment

Original article by Robyn Ironside, Jared Lynch
The Australian – Page: 15 : 16-Jul-25

Qantas recently advised that a ‘potential’ cyber criminal has made contact with the airline in the wake of the cyber attack on a customer service platform in Manila. Qantas has indicated that it has yet to receive a ransom demand, while no personal data of the 5.7 million affected customers has been released on the ‘dark web’ to date. Satnam Narang from US-based cybersecurity firm Tenable warns that ‘social engineering’ scams may be the biggest risk to Qantas customers whose data has been compromised. He says given that phone numbers were exposed in the hack, affected customers may be targeted with SMS-based scams.

CORPORATES
QANTAS AIRWAYS LIMITED – ASX QAN, TENABLE NETWORK SECURITY INCORPORATED

Medibank must release hack reports

roymorgansocial Leave a comment

Original article by Angelica Snowden
The Australian – Page: 17 : 8-Apr-25

The Federal Court has ruled that Medibank’s customers should be given access to cyber-security reports that were prepared by Deloitte in the wake of the health insurer’s data breach in October 2022. Medibank had contended that the reports were subject to legal professional privilege. Justice Helen Rofe noted that Medibank had consistently stated that it would share the results of the external review, although she concluded that chairman Mike Wilkins had in fact never intended to do so. Customers who were affected by the cyber-attack are pursuing a class action against Medibank.

CORPORATES
MEDIBANK PRIVATE LIMITED – ASX MPL, FEDERAL COURT OF AUSTRALIA, DELOITTE TOUCHE TOHMATSU LIMITED

Labor names, shames Chinese cyber spy gang

roymorgansocial Leave a comment

Original article by Ben Packham
The Australian – Page: 4 : 10-Jul-24

The Australian Signals Directorate has publicly named a Chinese cyber espionage group that has been targeting public and private sector networks in Australia and the South Pacific region. The APT40 hacking group – which is also known as Gingham Typhoon, Kryptonite Panda, Leviathan and Bronze Mohawk – is believed to have links to China’s Ministry of State Security. Microsoft recently identified APT40 as the Pacific region’s most active cyber espionage group. It is not known as to whether Prime Minister Anthony Albanese raised concerns about Chinese hackers during Premier Li Qiang’s recent official visit to Australia.

CORPORATES
AUSTRALIAN SIGNALS DIRECTORATE, CHINA. MINISTRY OF STATE SECURITY, MICROSOFT CORPORATION

The Iconic promises to issue refunds to hacked customers

roymorgansocial Leave a comment

Original article by David Swan, Jessica Yun
The Sydney Morning Herald – Page: Online : 10-Jan-24

The Iconic is the latest Australian company to be hit by a growing wave of cybercrime. The online retailer has advised customers to regularly change their passwords following a rise in fraudulent account login attempts. Some customers claim to have had more than $1,000 stolen from their bank accounts after The Iconic was targeted by hackers who used personal information gleaned from separate data breaches to access customers’ accounts. The Iconic says it will provide full refunds to all affected customers, and emphasised that its own website has not been compromised.

CORPORATES
THEICONIC.COM.AU

Passports, travel documents exposed in data breach

roymorgansocial Leave a comment

Original article by David Swan
The Age – Page: Online : 9-Jan-24

Melbourne travel agency Inspiring Vacations is investigating a data breach that saw a non-password protected database leaked online. The database contained around 112,000 records, including passport images, travel visa certificates, and documents with partial credit card numbers on them. The breach was detected by cybersecurity researcher Jeremiah Fowler, who says the leaked data could be used for a range of illegal activities, such as identity theft, while Inspiring Vacations has informed the Office of the Australian Information Commissioner of the breach.

CORPORATES
INSPIRING VACATIONS, AUSTRALIA. OFFICE OF THE AUSTRALIAN INFORMATION COMMISSIONER

Labor plan would give home affairs minister powers over critical infrastructure during cyber-attacks

roymorgansocial Leave a comment

Original article by Josh Butler
The Guardian Australia – Page: Online : 20-Dec-23

The federal government has released a consultation paper on proposed changes to the Security of Critical Infrastructure Act. Amongst other things, Home Affairs and Cyber Security Minister Clare O’Neil could potentially be given the power to direct providers of criticial infrastructure – such as energy or transport companies – to take certain actions in the event of a cyber attack; this could include suspending their operations for the duration of the crisis. The minister may also be given the powers to direct companies that are hit by a cyber attack to replace customers’ personal documents that have been compromised, such as passports.

CORPORATES
AUSTRALIA. DEPT OF HOME AFFAIRS

AUKUS deal a target for hackers: spy agency

roymorgansocial Leave a comment

Original article by Ben Packham
The Australian – Page: 2 : 15-Nov-23

The Australian Signals Directorate has advised that it was notified of some 94,000 cyber crimes during 2022-23, which is 23 per cent higher than the previous financial year. The ASD responded to 1,100 of the most serious incidents, including three that extensive compromised government or critical infrastructure systems. The ASD has also warned that the AUKUS nuclear-powered submarine alliance is likely to make the defence sector a key target for state-sponsored hackers.

CORPORATES
AUSTRALIAN SIGNALS DIRECTORATE

Foreign agents planting digital mines in key tech

roymorgansocial Leave a comment

Original article by Liam Mendes, Ellen Whinnett
The Australian – Page: 1 & 4 : 1-Nov-23

The Cyber and Infrastructure Security Centre has warned that Australia’s critical infrastructure is under serious threat from foreign interference and espionage. The CISC’s inagural annual risk review notes that the nation’s critical infrastructure sectors are deeply interconnected, so a significant disruption in one sector will affect others. Concerns have also been raised that foreign players have planted ‘digital landmines’ in Australia’s critical infrastructure that could be triggered in the future.

CORPORATES
CYBER AND INFRASTRUCTURE SECURITY CENTRE

Iron ore giant Fortescue Metals targeted by Russian ransomware group

roymorgansocial Leave a comment

Original article by
The Guardian Australia – Page: Online : 19-Jul-23

Fortescue Metals Group has confirmed that a small amount of non-confidential data was stolen in a cyber-attack in late May. The iron ore miner has advised that it had informed the Australian Cyber Security Centre of the "low-impact cyber incident", and that it has completed an internal investigation and taken remediation action. Russian ransomware group C10pm has claimed that it was responsible for the Fortescue cyber attack, and it is believed to have hacked more than 100 companies worldwide.

CORPORATES
FORTESCUE METALS GROUP LIMITED – ASX FMG