“Cyber Attacks and Data Breaches Case Study” presented by Iman Tahami – Director at CISO Online.
Here are the details of four recent cyber security and data breaches in Australia:
Meriton was involved in a supply chain attack in March 2023. It is still under investigation, but it was classified as a Personally Identifiable Information (PII) and Protected Health Information (PHI) data breach.
It was caused by data shared with their suppliers and other parties. The data breach affected guests and past and present employees of Meriton Suites. It was 35.6 GB of data including a significant amount of sensitive information, including birth certificates and bank details, salary records, tax file numbers and health information.
The breach was reported to the Australian Cyber Security Centre and the Office of the Australian Information Commissioner. Meriton has personally contacted all people affected.
Good Guys suffered from a supply chain attack on their loyalty program. The breach occurred in August 2021 but was only discovered in early 2023. It is still under investigation. It’s a PII breach.
It was caused by access to the third party via their loyalty program. Some of the customer’s passwords were stolen, and some had their date of birth hacked. This affected up to 1.5 million members.
As a result, the Concierge member benefits program has been closed. The Good Guys no longer used My Rewards (formally known as Pegasus Group).
Latitude Financial Services
Latitude Financial Services was involved in an indemnity theft and ransom attempt. It is still under investigation. It’s another PII beach with stolen credentials.
Internal systems were breached and allowed a bad actor to steal an employee’s login. The data was not encrypted. Latitude received a ransom demand which was refused.
14 million records were stolen. This data breach included sensitive information such as customer driver’s licence numbers, passport numbers, addresses, phone numbers and dates of birth.
The company lost up to $105 million. A class action has been launched. Latitude will reimburse customers for the replacement cost of their stolen ID documents.
Crown Resorts is involved in the exploitation of a zero-day vulnerability. This was caused by a delay in implementing a security patch. Documents were accessed via a breach of GoAnywhere, a third-party file transfer service.
It is alleged that the Ransomware gang Clop is behind the attack.
The breach occurred in March 2023. It was caused by a delay in implementing a security patch. This led to a data breach of employee salary information and casino machine reports.
The vulnerability has now been patched. But the investigation is ongoing.
Unfortunately, we cannot prevent cyber security attacks and data breaches from happening. We can implement best practices in security and minimise the damage when they occur.
Recommendations to organisations:
- Follow the best practice for security solution Architecture (RBAC, Least Privilege, DLP and CASB).
- Follow the Zero-Trust framework (never trust – and always verify).
- Conduct penetration testing on your systems to identify potential gaps and vulnerabilities.
- If your organisation shares information with third-party suppliers, you need to regularly ask for their security reports and testing.
- Restrict staff members’ access to only the data they need for their role.
- Conduct frequent security awareness training with your staff members.
- Organisations need to have robust cyber security policies and procedures.
- Collect and retain the minimum amount of information required.
Recommendations to individuals:
- Where possible, do not store or share your personal data online. Avoid storing your sensitive and personal data and images in the cloud.
- Activate two-factor authentication whenever possible.
- When you leave a business, ask for your personal information to be deleted or archived.
- Do not approve of third-party sharing of your personal data. Cross out any extra data sharing that is not required for your personal needs.
- Show documents in person where you can and avoid uploading personal documents online.
- Do not reuse passwords – do use a password manager.
- Do not use your real birth date on competitions and random online forms.
- Your banking passwords needs to be unique. Never share this information with anyone.
- If affected by any of these data breaches, apply for a new driver’s license number.
- Contact Australia’s credit reporting agencies – a red flag is if you notice your credit score has gone down.
- Consider cancelling your loyalty programs.
- Regularly shred any paper records with sensitive and personal information.
The business is responsible for keeping your data secure. Be proactive about your company’s cyber-attacks. Remember the motto: If you see something, do something.
Presentation hosted by CISO Online.