Hacks & Attacks: Australia’s 5 Largest Data Breaches Ranked

Photo: Towfiqu barbhuiya / Unsplash

There are many reasons to seek out managed IT support in Australia. For some, it’s all about reducing the cost of hiring permanent staff. Others are more concerned about saving precious time. The one thing all parties are usually intent on protecting, however, is data. 

Unfortunately, data breaches have been on the rise in recent years, and Australia has experienced a particularly steep increase in cyber-attacks. Below, you will find five of the country’s worst attacks ranked them in order of impact rather than the total number of customers affected. 

5. Canva

In May 2019, a hacker named GnosticPlayers led a cyber-attack against the Australian design platform Canva. Shortly after the breach began, however, Canva detected malicious activity and put an end to it. Unfortunately, they were too slow to stop the damage completely. 

GnosticPlayers managed to access the user names, passwords, emails, and payment data of some 139 million users. Only hours after the attack, GnosticPlayers contacted the tech outlet ZDNet to brag about what happened. 

4. Optus

In September 2022, a cybercriminal hacked into the telecommunications giant Optus. The hacker – who may have been part of a state-sponsored group – managed to steal sensitive data from nearly 10 million customers. That data included names, addresses, phone numbers, email contacts, passport numbers, and driver’s license numbers (the last two were the most troubling).

The hack affected nearly 2.8 million current and former Optus customers, putting them at a high risk of identity theft and fraud. In addition, Medicare details for some 37,000 customers were taken as well. Despite all the stolen data, it seems the attack itself wasn’t terribly sophisticated. If that’s the case, Optus may face legal repercussions for not taking adequate steps to protect sensitive customer data. 

3. ProctorU 

In July 2020, cybercriminals targeted ProctorU, a popular testing service for online students. The hackers managed to steal student data from about 450,000 students. This data included email addresses, passwords, physical addresses, phone numbers, and more. Thankfully, they weren’t able to get any financial information. 

That didn’t let ProctorU off the hook. The criminals posted the stolen student information on a dark web forum. In response, former students filed a class-action lawsuit against ProctorU, claiming they failed to uphold adequate security measures.

2. Australian National University

In November 2018, a team of hackers led a sophisticated attack against the Australian National University. By using multiple spear-phishing attacks, the cybercriminals were able to gain sensitive data from 200,000 students stretching back 19 years. That data included addresses, emergency contacts, academic results, tax file numbers, and more. 

After the attack, the cybercriminals deleted their access logs and covered their tracks using the anonymous browser Tor. It took another six months before the Australian National University discovered the breach. 

1. Eastern Health

In March 2021, cybercriminals targeted four Eastern Health hospitals – Box Hill, Maroondah, Healesville, and Angliss. Although no private patient data was stolen, the hackers made it difficult for staff to access critical medical histories. This delayed elective surgeries and forced staff to use pen and paper to record important information. 

Unfortunately, cyberattacks targeting hospitals are becoming more common. Hackers know that hospitals rely on patient data and tend to spend more money on medical expenses than IT support. They also understand that they can demand higher ransoms for stolen patient data. 

Massive data breaches like the ones above are cause for concern. Furthermore, it’s likely that they will be on the rise in the near future. That being said, there are steps you can take to protect yourself and your business. High up on that list is getting robust IT support.

Leave a Reply

Your email address will not be published. Required fields are marked *