
07 April 2017

The 7 Worst Information Security Breaches So Far in 2017

ISO 27001 consultant

 

Information security is becoming one of Australia’s top priorities in business and education. In fact, ransomware attacks are set to double this year, after quadrupling in 2016, and Prime Minister Malcolm Turnbull recently described cyber security as “the new frontier of warfare.”

However, many Australian businesses are unaware of the diversifying threats to their data, and have not implemented sufficient protection. This is unsurprising, considering only a little over 10% of Australian SMEs are aware of the costs associated with an information security breach. 

In this article, we outline 7 information security breaches in 2017 that highlight the diverse threats facing all businesses today.

 

1. PlayStation & Xbox

PlayStation and Xbox gamers suffered leakage of private information following a data breach involving 2.5 million accounts. Hackers were able to obtain email addresses, passwords, and IP addresses from a staggering volume of users. Although this breach occurred back in 2014, details have only come to light this year. The information was obtained through online forums ‘Xbox360 ISO’ and ‘PSP ISO.’ Interestingly, the communities are not associated with Sony and Microsoft; however, the incident is the most severe cyber attack the brands have faced.

The considerable time it has taken to uncover the extent of the breach is not unique to this case, but is a focus of governments. In February 2017, the Australian Senate passed the Notifiable Data Breaches Bill, which will demand that “any Australian organisation accountable to the Privacy Act will be required to inform the Australian Information Commissioner and members of the public if their data has been compromised.”

 

2. Showpo

In January 2017, a popular online fashion retailer, Showpo, alleged that a former staff member exported its 360,000-strong customer database to her home IP address before passing it on to her new employer. The information included contact details of customers, contacts, buyers, suppliers, associates, web users, and subscribers.

Unlike other data security incidents on this list, this alleged breach was noteworthy because of its ease and simplicity rather than massive financial damage. The allegations exposed a number of potential information security weaknesses in the eCommerce industry.

 

3. Telstra

A 2017 Telstra glitch was caused by a fire that disrupted equipment. However, it had some unforeseen security implications when personal SMS messages of Telstra customers were sent to recipients on competing networks Australia-wide. Online services, including banking and email services, rely on SMS messaging to deliver critical confidential information such as new PIN numbers and links for resetting passwords. Thirty per cent of Telstra customers were affected by the fiasco.

 


4. Yahoo

Australian Government officials were amongst the 1 billion victims of Yahoo’s data breach, according to the ABC, which recently acquired the files. The cyber attack possibly involved forged cookies, allowing access to information without having to re-enter user login details. Data including email addresses, birth dates, and answers to security questions was leaked; however, no indication of the number of people affected has been made.

 

5. Supercell

In January, Clash of Clans creator Supercell revealed an attack on its member forums. Over a million user accounts were compromised in the breach, with usernames, email addresses, IP addresses, and hashed passwords among the leaked information.

 

6. Freedom Hosting II

Freedom Hosting II, the single largest host of sites on the Dark Web, was compromised this year. A group of hacktivists called Anonymous Hackers breached its systems, obtaining 75GB of files and another 2.6GB of databases. The cyber criminal behind the attack breached the systems, downloaded gigabytes of data, and then replaced web pages with a notification about the hack, demanding Bitcoin as ransom.

 

7. E-Sports Entertainment Association

Over 1.5 million user records were leaked after cyber criminals hacked into the E-Sports Entertainment Association (ESEA) website. The company, which runs the largest competitive video gaming community, refused to pay the hacker a $100,000 ransom. The leaked profiles include details such as registration dates, city, state, username, first and last name, bcrypt hash, email, date of birth, zip code, phone number, Steam ID, Xbox ID, and PSN ID.

From sophisticated external cyber attacks to employee mishandling of company data, these cases demonstrate that information security is a battle fought on many fronts. To speak with a Compliance Council ISO 27001 consultant about safeguarding your company information, get in touch with us today.

 

To see where your office may be vulnerable to information theft, try our interactive risk analysis:

Data Security Microsite
