BreachExchange mailing list archives
Nova warns listeners of data breach affecting 250, 000 Australians
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 28 Dec 2018 08:33:56 -0500
https://www.smh.com.au/business/companies/nova-warns-listeners-of-major-data-breach-affecting-250-000-listeners-20181228-p50omw.html “We are taking all necessary measures to ensure the strength and effectiveness of our cyber security, and there is currently no evidence of any suspicious activity or threats on Nova Entertainment's systems,” Ms O’Connor said. “We take privacy, and the security of the information we collect from our listeners very seriously, and on behalf of Nova Entertainment I deeply and sincerely regret that this incident has occurred,” she said. The breach included information as varied as user names and passwords (protected by a security technique known as hashing), home addresses, emails, phone numbers, gender and date of birth details. In total, 261,948 people are involved in the breach. Nova has radio stations in Sydney, Melbourne, Brisbane, Adelaide and Perth and affected people are expected to receive an email, SMS or letter. No financial information or copies of ID were disclosed and the statement said there was “no reason to believe” Nova’s existing systems were affected. Details are yet to be disclosed about how many people may have accessed the data. The information that was publicly disclosed in this breach is described in the radio network’s statement as being a “legacy dataset” from May 2009 to October 2011. Those affected are encouraged to change their passwords, review their credit report for unusual activity and enable additional security measures as needed. Nova is undertaking an investigation into the issue, with cybersecurity consultants working out the specifics about how the data breach happened. The radio network has informed the Office of the Australian Information Commissioner (OAIC) and is in the process of contacting law enforcement bodies. Cyber support service IDCARE assisting those affected by the breach in late-December and early-January. The data breach comes during increased scrutiny on all businesses over the handling of sensitive customer data after a year of heated debate about privacy practices and data concerns about internet giants Facebook and Google and government-introduced initiatives like My Health Record. New laws introduced in early 2018 required mandatory data breach reporting for businesses, government agencies and non-profits with annual turnover of at least $3 million. This has captured many small businesses across the country. Under these rules, companies are given 30 days to notify individuals affected and to inform the OAIC. The latest OAIC data for the three months to September 2018 shows 245 notifications about breaches were made during the period. The majority involved under 1000 individuals - two impacted more than 100,000 people - and contact information was the most common data affected. More than half of these data breaches were due to malicious or criminal attacks, while 37 per cent were due to human error. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Nova warns listeners of data breach affecting 250, 000 Australians Destry Winant (Dec 28)