Category Archives: Data Breach List

[Data Breach] – eBay – May 2014


May 22, 2014

Official Announcement from eBay: http://www.ebayinc.com/in_the_news/story/ebay-inc-ask-ebay-users-change-passwords

“eBay Inc. (Nasdaq: EBAY) said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.” Read more:

Further info: http://www.forbes.com/sites/gordonkelly/2014/05/21/ebay-suffers-massive-security-breach-all-users-must-their-change-passwords/

[Data Breach] – Telstra – May 2013


March 11, 2014

Originally published: http://www.itnews.com.au/News/374722,telstra-breached-privacy-act-by-exposing-user-data.aspx
By Allie Coyne on Mar 11, 2014 10:32 AM

One day before new privacy laws take effect.

Telstra has been forced to pay $10,200 after being found to have breached the Australian Privacy Act by inadvertently exposing the details of over 15,000 customers online.

In May last year the personal information of 15,775 Telstra customers, detailed on internal Telstra spreadsheets, were discovered to be publicly accessible through a Google search.

The data included customer names, telephone numbers and in some cases addresses. It also included 1257 silent line customers. Continue reading

[Data Breach] – Queensland’s Department of Justice – Nov 2013


November 07, 2013

Qld Justice accidentally discloses sensitive data

Posted by Karen Cowan, on 5 Nov 2013, in IT Magazine.
Originally published: http://www.itnews.com.au/News/362941,qld-justice-accidentally-discloses-sensitive-data.aspx

Second law enforcement agency caught out by metadata.

Queensland’s Department of Justice and Attorney General (DJAG) has pulled nearly 15,000 items of metadata out of the public domain after they were discovered to contain sensitive information.

The metadata, which was publically viewable prior to April this year, includes the names of people who have come into contact with the agency as well as investigations before the courts.

It described thousands of confidential files to be held on the department’s behalf by the Queensland State Archives until a predetermined period of secrecy has lapsed. Continue reading

[Data Breach] – Adobe – Oct 2013


October 04, 2013

Important Customer Security Announcement

Posted by Brad Arkin, Chief Security Officer on October 3, 2013 8:08 AM in Executive Perspectives

Originally Published: http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html

Cyber attacks are one of the unfortunate realities of doing business today. Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyber attackers. Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related. Continue reading

[Data Breach] – Google – May 2013


May 07, 2013

Google hit by building automation security FAIL

Originally published by The Register – R. Chirgwin on 6 May 2013

The building housing Google Australia’s lavish Sydney headquarters is running the known-vulnerable Tridium Niagara building management system, and has been compromised by the Cylance researchers who have made Niagara their mission.

The researchers identified the underlying system – QNX on an embedded system – and extracted the admin password from the system’s config file. After that, as the company’s blog post explains, they were able to wander around the control environment pretty much at will.

Continue reading

[Data Breach] NZ Welfare Agency – Oct 2012


March 06, 2013

NZ ministry knew of massive data breach

Originally published by iTnews by Juha Saarinen on 15 Oct 2012.

Chose not to act after informant sought cash reward.

Revelations that members of the public could access confidential documents from kiosks installed at a New Zealand government welfare agency has blown into a national scandal, with data from multiple agencies, corporations and citizens leaked. Continue reading

[Data Breach] – Fund Focus – Jan 2012


February 27, 2013

An Australian online investment website, Funds Focus, part of Wealth Focus owned by Sulieman Ravell, was temporarily shut down after being hit by a massive distributed denial of service (DDoS) attack.

The Russian masterminds that were behind the attack demanded the owner ransom money to stop the malicious operation that prevented the company from performing its tasks.

Read More: http://news.softpedia.com/news/Funds-Focus-Shut-Down-After-DDoS-Attack-Hackers-Demand-Ransom-246697.shtml

Also: http://www.scmagazine.com.au/News/286905,melbourne-it-hit-with-ddos-legal-threat.aspx

[Breach List] – Fairfax owned tradingroom.com.au – Feb 2012

The Fairfax-owned tradingroom.com.au is the latest financial services related website to be hit with a distributed denial-of-service attack (DDoS).

DDoS attacks make online services unavailable by flooding them with millions of requests for page views at once. They are used to cause business disruption to the targeted site, either by protest – known as hacktivism – or financial gain.

[Breach List] – ANZ bank’s E*Trade – Jan 2012

AUSTRALIA’S second-biggest online broking business, ANZ Bank’s ETrade, was forced to shut down over the Christmas-New Year period by a ”malicious” cyber attack offshore.

The shutdown was prompted by thousands of emails bombarding the broking site, in a denial-of-service attack. The lockout was first noticed by ETrade customers trying to access the site overseas, as the bank shut off access to all overseas users. It is understood that, as risk assessments were performed on individual countries, access was restored.

[Breach List] – Netfleet – Feb 2012

Computer hackers penetrate database of Netfleet, possibly accessing addresses and credit card numbers.

In an email to clients, Netfleet said: ”There appears to have been a security breach of our database … this may have resulted in unauthorised access to some of your customer account information, such as your name, email address, billing address, phone number and a cryptographically scrambled version of your credit card and expiry date.”