2022 Cyber-Attacks in Australia: A Year of Cyber Security Challenges

Last year in Australia, we saw an increase in the number of cyber threats and data breaches that affected our nation. The ACSC (Australian Cyber Security' Centre) received over 76,000 cybercrime reports, that is an increase of nearly 13% when compared to 2021. On average, a cybercrime would be reported every 7 MINUTES in Australia. Below is a list only containing a few dozen out of thousands of businesses and organisations that were compromised by a serious data breach conducted by a threat actor.

All of these are related to organisations well known to you but you might not be fully aware of these breaches reported. Some of the most notable data breaches reported in Australia include:

1. Crypto.com – January: Security News This Week: Crypto.com Finally Admits It Lost $30 Million in Hack

2. Red Cross Australia – January: Locations and contact data on 515,000 vulnerable people stolen in Red Cross data breach. Australian Red Cross clients potentially caught up in international cyber attacks. Red Cross cyberattack sees data of thousands at-risk people stolen. Red Cross Cyber Attack Exposes Data of 515,000 Vulnerable People. The Australian Red Cross warns clients of potential security breaches. Aussie Red Cross flags potential cyber breach. Australian Red Cross clients potentially caught up in international cyber attacks. Red Cross hackers exploited Zoho vulnerability to gain entry | Accessed case files of 515,000 vulnerable people held in an encrypted database.

3. TfNSW (Accellion) – January: TfNSW finds more customers, employees impacted by Accellion breach

4. FlexBooker – January: Scheduling Platform FlexBooker Discloses Data Breach Affecting 3.7 Million Accounts

5. Sydney Trains - February: An unauthorised third party gained access to staff and contractors' personal information, including names, contact details, and tax file numbers.

6. Medlab Pathology – February: Medlab Pathology discloses February data breach. Australian Clinical Labs accused of ‘sitting on’ hack that saw patient data posted to the dark web

7. OAIC Report – February: Australian gov data breach numbers slip out of public view. Latest notifiable data breaches report.

8. NSW Government – February: Sensitive addresses among more than 500,000 leaked from the NSW Government database. NSW nurses strike as data breach defended. Sensitive business addresses among 500,000 published in COVID data breach

9. News Corp – February: News Corp reports cyber data breach. Chinese hackers believed to be behind News Corp data breach.

10. CFMMEUR – February: Union fined for data centre breach

11. Department of Premier & Cabinet Victoria – March: An attack on an email system resulted in the exposure of confidential data related to investigations into sexual harassment allegations against members of parliament.

12. Sydney Airport – March: Personal details such as passport numbers and flight dates were exposed when hackers gained access to the airport’s online services.

13. Warrnambool Council – March: Data breach was ‘not serious’

14. OKTA – March: Okta says third-party breach may have impacted up to 366 customers – Hackers took control of the contractor's computer. Lapsus$ hackers exploited Okta supplier’s security lapses – Allegedly found spreadsheet with login credentials. Okta investigates possible data breach – May relate to third-party customer support engineer targeted in January. Okta confirms hundreds of customers could be affected by data breach – January 2022 breach could have affected hundreds of Okta customers

15. Microsoft – March: Hackers Post Images Showing Possible Microsoft Breach – The same cybercriminal group that recently breached Nvidia briefly shares a screenshot that suggests the hackers also gained access to Bing’s source code. Microsoft Azure DevOps targeted by hackers | ‘Single account’ compromise led to Microsoft’s Lapsus$ code leak – Attackers were interrupted mid-operation

16. Ubisoft – March: Ubisoft says ‘cyber security incident’ last week shows no evidence of data breach – Ubisoft’s IT team is working with external experts to investigate the incident, which took place last week. Ubisoft fans need to change their passwords now – Ubisoft player data should still be safe

17. Nvidia – March: Over 71,000 Nvidia accounts have personal data leaked following the hack. Nvidia says employee, company information leaked online after a cyber attack. Nvidia hackers claim they also hit Vodafone, threatening data leak. NVIDIA data breach exposed credentials of over 71,000 employees.

18. Toyota Motor – March: Toyota suspends domestic factory operations after suspected cyber attack | 13,000 vehicles held up after supplier hacked

19. Australia Post – April: Personal information from approximately 200 employees was exposed via an unsecured website.

20. SuperVPN, GeckoVPN, ChatVPN – April: 25 million free VPN user records exposed

21. Coca-Cola – April: Coca-Cola investigating potential large-scale data breach | A new threat actor claims to have stolen gigabytes of data. Top Data Breaches and Cyber Attacks of 2022. Cybercrime is big business, and it’s already rife in 2022 – we’ve highlighted ten top cases

22. Panasonic – April: Panasonic hit by another major cyberattack | Almost 3GB of data taken in attack on Panasonic

23. Block (ASX:SQ2) – April: Block (ASX:SQ2) share price jumps 6% despite reporting a data breach

24. Department of Home Affairs – May: Hundreds of classified Home Affairs documents believed sent to unsecured address in ‘serious’ breach of security protocols

25. NDIS – May: Sensitive NDIS health data breached in client platform hack. NDIS case management system provider breached | Updated: “Large volume” of sensitive health data exposed.

26. Spirit Super – May: Spirit Super hit by data leak, 50,000 accounts exposed. 50,000 super fund members impacted by data breach

27. APAC – May: APAC organisations fail to disclose ransomware breaches

28. Facebook – May: Facebook’s Zuckerberg sued for data breach. Mark Zuckerberg, head of Facebook-owner Meta, is being sued in the US over the Cambridge Analytica scandal that compromised the personal data of millions

29. South Australian Government – May: More than 90,000 South Australian public servants now involved in payroll data breach

30. National Tertiary Education Union – May: NTEU becomes victim of data breach | NTEU servers were subject to a ransomware attack, a week out from University wide-strikes

31. Transport for NSW – May: TfNSW hit by another data breach. TfNSW hit by second cyber attack in less than 18 months | Confirms authorised inspection scheme system data accessed. Data breach a Transport for NSW fail.

32. iCare – June: iCare data breach due to ‘human error’, agency says iCare launches systems review after 193,000 claimants affected by privacy breach. iCare sends private details of 193,000 workers to wrong employers

33. Neopets – July: A Hacker Is Trying to Sell Data on 69 Million Neopets Users. The Hackers Who Breached Neopets Were Inside Its IT Systems for 18 Months.

34. Uber – July: Uber confesses it covered up a huge data breach | Confession comes as part of DoJ settlement. Uber settles with DOJ for failing to disclose breach that exposed 57 million users’ data

35. Perth Festival, Black Swan State Theatre Company – July: Perth Festival, Black Swan Theatre and other arts organisations hit by major data breach

36. Victorian Government – July: Students, travellers and staff exposed as Hotel Quarantine data breach revealed

37. Woolworths – July: Woolworths denies data breach after outraged shoppers claim Everyday Rewards hacked

38. Marriott – July: Marriott suffers yet another data breach

39. Mangatoon – July: Millions of comic book fans have data leaked after Mangatoon breach

40. China Police – July: Private information of more than 100 Australians exposed amid huge China police data leak

41. Deakin University – July: Deakin University reveals breach of 47,000 students’ details | Subset targeted with smish sent via officially-used SMS channel. Data on Almost 47,000 Students Exposed in Deakin Uni Breach. Hackers target Deakin Uni

42. AMD – July: AMD is investigating a serious potential data breach | An attacker claims to have stolen 450Gb of sensitive data. AMD Is Investigating a Potential Data Breach Allegedly Caused by Weak Passwords

43. OpenSea – July: OpenSea customers warned to stay on high alert for phishing attacks | OpenSea email database exposed by a third party. NFT giant OpenSea reports major email data breach. OpenSea users’ email addresses leaked in a data breach. NFTs Have Been Stolen From OpenSea Users

44. LastPass – August: Password manager company LastPass reports major security breach | The company – which has more than 25 million users – says hackers stole parts of its source code and other sensitive data. LastPass was hacked, but it says no user data was compromised

45. DoorDash – August: Aussies’ sensitive details at risk after global data breach | Popular food delivery service DoorDash is investigating whether credit card and contact details of Australians have been leaked.

46. Facebook – August: A Facebook glitch has affected users worldwide. So, what went wrong and has there been a data breach?

47. WA Health – August: WA Health Department apologises for monkeypox data breach of passengers on flight from Doha to Perth. Nurse responsible for major monkeypox data breach in Perth. Health Department under fire as personal details of monkeypox plane passengers sent out in email

48. Cisco – August: Hackers Breach Cisco and Steal Data, But Fail to Deploy Ransomware

49. Twitter – August: Twitter confirms personal details of millions of account holders compromised. Twitter says zero-day bug leaked account data. More than 5 million Twitter accounts impacted by recent data breach

50. North Face – September: 200,000 North Face accounts hacked in credential stuffing attack.

51. Optus – September: Optus attack exposes customer information. Personal details of 1.1 million customers purportedly offered for sale.

52. Uber – September: Teen hacker gets into Uber, announces data breach on chat software. Uber investigating ‘cyber security incident’ after report of breach. Company forced to shut internal communications and engineering systems. Uber Investigating Massive Security Breach by Alleged Teen Hacker. Uber in ‘unforgivable’ security breach.

53. Fremantle Football Club – September: Fremantle apologise for AFL data breach

54. TikTok – September: TikTok Hacked, Denies Security Breach Allegations - TikTok denies security breach after hackers claim to have records of more than a billion users

55. SSKB – October: Australian strata company SSKB breached

56. Microsoft – October: Microsoft data breach exposes customers’ contact info, emails

57. AFP – October: AFP classified documents hacked in data leak, exposing agents fighting drug cartels

58. Vinomofo – October: Online wine seller Vinomofo was hit in a major data breach. Vinomofo data breach: 500,000 customers at risk after wine dealer hit by cyber-attack

59. Medibank – October: Medibank admits personal data stolen in cyber attacks. Medibank Group detects cyberattack, takes several services offline as a precaution. Medibank receives contact from hackers | Group requests negotiations over customer data.

60. Woolworths MyDeal – October: Woolworths MyDeal becomes latest target of cyber attack. What information was leaked and what can you do if you’re affected? Woolworths says data of 2.2 million customers of its MyDeal website has been exposed

61. Twitter – November: More than 5 million Twitter users at risk after alleged security breach

62. WhatsApp – November: WhatsApp denies data leak as company hit by anonymous online threat

63. The Smith Family – November: The Smith Family warns supporters of stolen personal data amid hack on Australian charity. Children’s charity The Smith Family hit by cyberattack

64. Harcourts – November: Harcourts Melbourne City real estate agency advises customers of data breach.

65. Victorian Government | PNORS Technology Group – November: Victoria has ordered an investigation into a potential data breach. Here’s what happened.

66. BWX (Flora & Fauna) – November: Credit card details likely exposed in skincare online shopping hack

67. Fire Rescue Victoria – December: Fire Rescue Victoria investigating a security incident. Cyber attack cripples Fire Rescue Victoria | Firefighters resort to mobile phones and radio.

68. LastPass – December: Parsing LastPass’ data breach notice

69. TPG Telecom – December: TPG Telecom joins list of hacked Australian companies, shares slide.

70. State Office of Victoria – December: Data breach hits Victoria’s revenue office

71. LJ Hooker – December: Real estate agency LJ Hooker hit with data breach

72. Telstra – December: Telstra blames privacy breach on ‘database misalignment’ | Published details of unlisted customers online. Telstra explains how an internal data breach exposed more than 130,000 customers’ details. Telstra apologises after customer data breach. Telstra slips up as details of 130,000 customers go online. Telstra privacy breach sees customer details made public

It is important for all organisations, regardless of size, to be aware of the risks associated with data breaches. Taking the necessary steps to protect against possible cyber-attacks could help prevent costly data breaches from occurring in the future.

Your Security is our Priority

Your friendly Support Team

Speak to us about all your computer needs

This is Part of our Cyber Security awareness educational campaign. Through this training, you will learn awareness and key principles, and best practices to protect yourself, your organisation, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.